On Thu, 29 Nov 2001, martin f krafft wrote:
> okay, so i read the FAQ, they are possible. but they don't make sense.
> in fact, i will argue that as soon as you employ netfilter or
> ipchains on a linux bridge, you don't have a bridge anymore! you won't
> have a packet filter or router either, but it's not going to be a
> bridge as it concerns itself with the payload encapsulated in
> 802.2/802.3
One point you are missing is that it is possible using this kind of configuration to create a firewall where you cannot address any of its external interfaces. So how can you do an intrusion attack on a firewall that you cannot address?
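The configuration the reply is describing, a transparent bridging firewall whose forwarding interfaces carry no IP address at all, as an added example that is not part of the original thread. It uses today's iproute2, iptables and the br_netfilter module rather than the brctl and bridge-nf patch of 2001; the interface names eth0 (outside), eth1 (inside), br0, and the protected web server 192.0.2.10 are assumptions. It prints the commands by default (DRY_RUN=1) and only executes them, as root, when DRY_RUN=0.

```shell
#!/bin/sh
# Added example, not from the original thread: a "stealth" bridging firewall.
# Neither bridge port nor the bridge device itself gets an IP address, so no
# host on either side can send a packet *to* the firewall; it only ever sees
# traffic *through* it, which netfilter filters on the FORWARD chain.
# Assumed names: eth0 = outside, eth1 = inside, br0 = bridge, 192.0.2.10 = inside web server.

OUTSIDE=${OUTSIDE:-eth0}
INSIDE=${INSIDE:-eth1}
BRIDGE=${BRIDGE:-br0}
SERVER=${SERVER:-192.0.2.10}
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands, 0 = run them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Build the bridge and enslave both ports. Note what is missing: there is
# deliberately no "ip addr add" on eth0, eth1 or br0.
setup_bridge() {
    run ip link add "$BRIDGE" type bridge
    run ip link set "$OUTSIDE" master "$BRIDGE"
    run ip link set "$INSIDE" master "$BRIDGE"
    run ip addr flush dev "$OUTSIDE"
    run ip addr flush dev "$INSIDE"
    run ip link set "$OUTSIDE" up
    run ip link set "$INSIDE" up
    run ip link set "$BRIDGE" up
    # Without br_netfilter, bridged IPv4 frames bypass iptables entirely.
    run modprobe br_netfilter
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
}

# All policy lives on FORWARD. INPUT and OUTPUT stay empty because no packet
# can be addressed to, or originate from, the unaddressed bridge.
setup_filter() {
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Inside -> outside: anything originating on the protected side.
    run iptables -A FORWARD -m physdev --physdev-in "$INSIDE" --physdev-out "$OUTSIDE" -j ACCEPT
    # Outside -> inside: only new connections to the published web service.
    run iptables -A FORWARD -m physdev --physdev-in "$OUTSIDE" --physdev-out "$INSIDE" \
        -p tcp -d "$SERVER" --dport 80 -m conntrack --ctstate NEW -j ACCEPT
    run iptables -A FORWARD -j LOG --log-prefix "bridge-fw drop: "
}

# Sanity checks usable in dry-run mode.
# How many rules admit traffic that entered on the outside port? Expect 1.
count_outside_accepts() {
    setup_filter | grep -c -- "--physdev-in $OUTSIDE .*-j ACCEPT"
}
# How many commands assign an address to anything? Expect 0.
count_address_assignments() {
    setup_bridge | grep -c 'ip addr add' || true
}

setup_bridge
setup_filter
```

What this removes is any layer-3 identity to aim at: a scan of the segment finds the two hosts on either side and nothing in between. The kernel still parses every frame it forwards, and the box still needs a management path (a third, addressed interface on a separate network, or the console), so "cannot address" applies to the forwarding path, not to the machine as a whole.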