Commit 9d65ad2e authored by Bart De Schuymer, committed by Stephen Hemminger

[BRIDGING]: Update Kconfig files for bridging firewall.

parent 0f88d200
...@@ -191,9 +191,11 @@ config BRIDGE ...@@ -191,9 +191,11 @@ config BRIDGE
information. information.
If you enable iptables support along with the bridge support then you If you enable iptables support along with the bridge support then you
turn your bridge into a bridging firewall. turn your bridge into a bridging IP firewall.
iptables will then see the IP packets being bridged, so you need to iptables will then see the IP packets being bridged, so you need to
take this into account when setting up your firewall rules. take this into account when setting up your firewall rules.
Enabling arptables support when bridging will let arptables see
bridged ARP traffic in the arptables FORWARD chain.
If you want to compile this code as a module ( = code which can be If you want to compile this code as a module ( = code which can be
inserted in and removed from the running kernel whenever you want), inserted in and removed from the running kernel whenever you want),
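Review bot: The iptables sentences in the BRIDGE help still do not say which chains see bridged packets, while the added arptables sentence names its chain (FORWARD). "You need to take this into account" leaves an administrator guessing which existing rules and default policies will start matching bridged IP traffic once both options are enabled. Suggest naming the iptables chains that bridged packets traverse, in the same way the arptables line does.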
...@@ -243,6 +245,12 @@ menuconfig NETFILTER ...@@ -243,6 +245,12 @@ menuconfig NETFILTER
box can transparently forward the traffic to a local server, box can transparently forward the traffic to a local server,
typically a caching proxy server. typically a caching proxy server.
Yet another use of Netfilter is building a bridging firewall. Using
a bridge with Network packet filtering enabled makes iptables "see"
the bridged traffic. For filtering on the lower network and Ethernet
protocols over the bridge, use ebtables (under bridge netfilter
configuration).
Various modules exist for netfilter which replace the previous Various modules exist for netfilter which replace the previous
masquerading (ipmasqadm), packet filtering (ipchains), transparent masquerading (ipmasqadm), packet filtering (ipchains), transparent
proxying, and portforwarding mechanisms. Please see proxying, and portforwarding mechanisms. Please see
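Review bot: The added NETFILTER paragraph says iptables will "see" the bridged traffic, but the BRIDGE help in the previous hunk limits this to "the IP packets being bridged"; suggest "bridged IP traffic" here so the two texts agree. The pointer "(under bridge netfilter configuration)" also does not match the menu title this commit introduces, "Bridge: Netfilter Configuration". Quoting the title exactly would make the menu easier to find. "The lower network and Ethernet protocols" is vague and could be reworded to say what ebtables filters that iptables does not.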
......
# #
# Bridge netfilter configuration # Bridge netfilter configuration
# #
menu "Bridge: Netfilter Configuration"
depends on BRIDGE && NETFILTER
config BRIDGE_NF_EBTABLES config BRIDGE_NF_EBTABLES
tristate "Bridge: ebtables" tristate "Ethernet Bridge tables (ebtables) support"
depends on NETFILTER && BRIDGE help
ebtables is a general, extensible frame/packet identification
framework. Say 'Y' or 'M' here if you want to do Ethernet
filtering/NAT/brouting on the Ethernet bridge.
# #
# tables # tables
# #
...@@ -172,3 +179,5 @@ config BRIDGE_EBT_LOG ...@@ -172,3 +179,5 @@ config BRIDGE_EBT_LOG
If you want to compile it as a module, say M here and read If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'. <file:Documentation/modules.txt>. If unsure, say `N'.
endmenu
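Review bot: The `endmenu` added after BRIDGE_EBT_LOG closes the menu opened at the top of the file, so every entry in between now inherits `depends on BRIDGE && NETFILTER`. The entries in the elided middle of the file are not visible in this diff. Please confirm none of them still repeats that dependency on its own line, and that none was meant to stay selectable outside the new menu.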