Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
linux
Commits
9d65ad2e
Commit
9d65ad2e
authored
Aug 23, 2003
by
Bart De Schuymer
Committed by
Stephen Hemminger
Aug 23, 2003
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[BRIDGING]: Update Kconfig files for bridging firewall.
parent
0f88d200
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
20 additions
and
3 deletions
+20
-3
net/Kconfig
net/Kconfig
+9
-1
net/bridge/netfilter/Kconfig
net/bridge/netfilter/Kconfig
+11
-2
No files found.
net/Kconfig
View file @
9d65ad2e
...
@@ -191,9 +191,11 @@ config BRIDGE
...
@@ -191,9 +191,11 @@ config BRIDGE
information.
information.
If you enable iptables support along with the bridge support then you
If you enable iptables support along with the bridge support then you
turn your bridge into a bridging firewall.
turn your bridge into a bridging
IP
firewall.
iptables will then see the IP packets being bridged, so you need to
iptables will then see the IP packets being bridged, so you need to
take this into account when setting up your firewall rules.
take this into account when setting up your firewall rules.
Enabling arptables support when bridging will let arptables see
bridged ARP traffic in the arptables FORWARD chain.
If you want to compile this code as a module ( = code which can be
If you want to compile this code as a module ( = code which can be
inserted in and removed from the running kernel whenever you want),
inserted in and removed from the running kernel whenever you want),
...
@@ -243,6 +245,12 @@ menuconfig NETFILTER
...
@@ -243,6 +245,12 @@ menuconfig NETFILTER
box can transparently forward the traffic to a local server,
box can transparently forward the traffic to a local server,
typically a caching proxy server.
typically a caching proxy server.
Yet another use of Netfilter is building a bridging firewall. Using
a bridge with Network packet filtering enabled makes iptables "see"
the bridged traffic. For filtering on the lower network and Ethernet
protocols over the bridge, use ebtables (under bridge netfilter
configuration).
Various modules exist for netfilter which replace the previous
Various modules exist for netfilter which replace the previous
masquerading (ipmasqadm), packet filtering (ipchains), transparent
masquerading (ipmasqadm), packet filtering (ipchains), transparent
proxying, and portforwarding mechanisms. Please see
proxying, and portforwarding mechanisms. Please see
...
...
net/bridge/netfilter/Kconfig
View file @
9d65ad2e
#
#
# Bridge netfilter configuration
# Bridge netfilter configuration
#
#
menu "Bridge: Netfilter Configuration"
depends on BRIDGE && NETFILTER
config BRIDGE_NF_EBTABLES
config BRIDGE_NF_EBTABLES
tristate "Bridge: ebtables"
tristate "Ethernet Bridge tables (ebtables) support"
depends on NETFILTER && BRIDGE
help
ebtables is a general, extensible frame/packet identification
framework. Say 'Y' or 'M' here if you want to do Ethernet
filtering/NAT/brouting on the Ethernet bridge.
#
#
# tables
# tables
#
#
...
@@ -172,3 +179,5 @@ config BRIDGE_EBT_LOG
...
@@ -172,3 +179,5 @@ config BRIDGE_EBT_LOG
If you want to compile it as a module, say M here and read
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
<file:Documentation/modules.txt>. If unsure, say `N'.
endmenu
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment