Hi Jed,
> On 26.06.2015 at 03:09, Jed Clear <[email protected]> wrote:
>
> I haven't explored iptables in bridge/layer 2 mode, but there is no
> fundamental reason you can't packet sniff or firewall traffic in bridge mode.
> The traffic has to pass through your kernel.
>
Yep, I was actually wrong here! The solution is to use the -t switch in order
to use the 'filter' table. So for example, the following line would block all
outgoing traffic to Soekris.com <http://soekris.com/> from all devices which
are behind the bridge:
iptables -t filter -A FORWARD -d 192.240.163.67 -j DROP
It’s really quite easy, except that you probably wouldn’t want that particular
firewall rule!
> If you were asking about FreeBSD and ipfw, I'd say yes, just look into the
> layer 2 filter points. So I'd recommend digging into the iptables
> documentation for something similar. Also not familiar with snort, but with
> tcpdump, I'd specify the interface and I'm pretty sure it would work as it is
> capturing at layer 2 (or am I thinking of Wireshark?).
Actually, I installed tshark, the CLI version of Wireshark, on the Net6501. I
could then sniff on the br0 interface and the resulting output looks promising,
seems like everything got sniffed pretty nicely!
Robin
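A fuller transparent-bridge rule set in the same vein, added here as an example that is not from Robin's post or from Soekris; eth0/eth1 as the bridge member ports, the blocked address 198.51.100.10 and the BRIDGE_FW_APPLY switch are assumptions. It also shows the br_netfilter / bridge-nf-call-iptables knob without which bridged frames never reach the FORWARD chain on Linux.

```shell
#!/bin/sh
# Added example, not code from the mailing-list post: a minimal transparent
# bridge firewall on the FORWARD chain of the filter table, the chain that
# bridged frames traverse. Port names (eth0/eth1 as members of br0) and the
# blocked destination 198.51.100.10 are constructed values.
#
# Override IPT (e.g. IPT=echo) to dry-run the rule set without root.
IPT="${IPT:-iptables}"

# Bridged frames only reach iptables when the bridge netfilter hook is on;
# on kernels >= 3.18 that hook lives in the separate br_netfilter module.
enable_bridge_netfilter() {
    modprobe br_netfilter 2>/dev/null || true
    sysctl -w net.bridge.bridge-nf-call-iptables=1
}

# bridge_forward_rules <inside-port> <outside-port> <blocked-dst>...
# Default-deny FORWARD, allow replies, log+drop traffic from the inside port
# to each blocked destination, allow the rest inside->outside, log the remainder.
bridge_forward_rules() {
    inside="$1"; outside="$2"; shift 2
    "$IPT" -t filter -P FORWARD DROP
    "$IPT" -t filter -F FORWARD
    "$IPT" -t filter -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for dst in "$@"; do
        "$IPT" -t filter -A FORWARD -m physdev --physdev-in "$inside" -d "$dst" \
            -j LOG --log-prefix "BRIDGE-BLOCK: "
        "$IPT" -t filter -A FORWARD -m physdev --physdev-in "$inside" -d "$dst" -j DROP
    done
    "$IPT" -t filter -A FORWARD -m physdev --physdev-in "$inside" \
        --physdev-out "$outside" -j ACCEPT
    "$IPT" -t filter -A FORWARD -j LOG --log-prefix "BRIDGE-DROP: "
}

# Apply for real only when explicitly asked (needs root and a bridge br0).
if [ "${BRIDGE_FW_APPLY:-0}" = 1 ]; then
    enable_bridge_netfilter
    bridge_forward_rules eth0 eth1 198.51.100.10
fi
```

Run with IPT=echo first to review the generated rules, then BRIDGE_FW_APPLY=1 as root on the bridging host.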
_______________________________________________
Soekris-tech mailing list
[email protected]
http://lists.soekris.com/mailman/listinfo/soekris-tech