Jed Clear <[email protected]> writes:

> I haven't explored iptables in bridge/layer 2 mode, but there is no
> fundamental reason you can't packet sniff or firewall traffic in
> bridge mode. The traffic has to pass through your kernel.

I don't know about iptables, but ipfilter in NetBSD can do filtering by matching on IP headers for bridges. With snort, you should be able to pick any of the bridged interfaces, but once you start firewalling you probably want the WAN-facing one.
_______________________________________________
Soekris-tech mailing list
[email protected]
http://lists.soekris.com/mailman/listinfo/soekris-tech
