On Tue, 2005-11-01 at 07:37 -0600, Justin Willmert wrote:
> OK, I thought I had my firewall set up correctly, because I had a
> default policy to accept on the OUTPUT and FORWARD chains so I never
> thought that'd be a problem, but when I shut it off, it does work. So
> now I guess my question would be, what special rules do I need to create
> to allow this bridge setup to work with a firewall? Here is my firewall
> script.

For a packet filtering bridge you might also want to look at using
iptables physdev module to control traffic through a physical interface.
For example this rule to forward all traffic coming in through eth1:

  iptables -A FORWARD -m physdev --physdev-in eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

You might also want to look at ebtables:
http://ebtables.sourceforge.net/

--
Ian
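
The physdev match suggested above, carried through to a stateful policy for both directions of a two-port bridge. This is an added example, not part of the original message or of either poster's firewall script. It assumes eth1 is the inside bridge port (as in the rule above) and eth0 the outside port, and it only prints the rules unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: stateful filtering on a two-port bridge using -m physdev.
# Assumptions (not from the original message): eth1 is the inside bridge
# port, eth0 the outside port. Rules are printed unless APPLY=1 (needs root).

IN_PORT="${IN_PORT:-eth1}"
OUT_PORT="${OUT_PORT:-eth0}"

# Run iptables for real only when explicitly asked; otherwise show the rule.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

bridge_rules() {
    # Replies and related traffic may cross the bridge in either direction.
    ipt -A FORWARD -m physdev --physdev-is-bridged \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # New connections may only be opened by hosts behind the inside port.
    ipt -A FORWARD -m physdev --physdev-is-bridged --physdev-in "$IN_PORT" \
        -m state --state NEW -j ACCEPT

    # Whatever else arrives on the outside port (new, unsolicited traffic)
    # is dropped instead of falling through to the chain policy.
    ipt -A FORWARD -m physdev --physdev-is-bridged --physdev-in "$OUT_PORT" \
        -j DROP
}

bridge_rules
```

Because rule order matters, the ESTABLISHED,RELATED accept has to stay ahead of the DROP for the outside port, or replies to inside hosts are discarded.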