"Scott C. Best" wrote:
>
> Heyaz. Anyone ever build a LEAF/LRP kernel with this
> patch:
>
> http://ac2i.tzo.com/bridge_filter/
>
> Am noodling on a "zero insertion cost" filter based
> on LEAF:
>
> old: LAN <=> LAN's Gateway
>
> new: LAN <=> New Filter Box <=> LAN's Gateway
>
> I think if setup specifically to bridge, I won't
> have to proxy-arp. And AFIAK bridging removes ipchains'
> ability to filter the packets. Hence the question about the
> patch.
Couple of times :-)
The patch you referred to is obsolete; there is a new set of bridge
utilities and a new bridge-firewall patch. The new utilities are also
being converted to work with 2.4; as I understand it the utilities are
done but the iptables/bridge-firewall patch is experimental.
The bridgex utilities as done by Materhorn's Matthew Grant are obsolete;
now the utilities are being mantained by Lennert Buytenhek
([EMAIL PROTECTED]).
The info is at bridge.sourceforge.net; the current Oxygen development
image is set up as a bridge with a bridging 2.2 kernel with firewall
patches. I haven't excersized the bridge or the bridge firewall, but
the kernel works just fine (2.2.19).
However, the bridge utils would not compile for glibc 2.0.7. No doubt
Matt's old bridgex would, but I haven't used that; the current bridge
utils I've packaged up and put into a *.lrp on the current Oxygen devel.
image.
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
