Re: 2.2.5 kernel/routing/firewalling

T. S. Horsnell (tsh@mrc-lmb.cam.ac.uk)
Thu, 15 Apr 1999 10:22:05 +0100 (BST)


>On Wed, 14 Apr 1999, Alan Cox wrote:
>
>>
>> You can add firewalling to the bridge code. Nobody has done it yet but
>> the kernel is designed so it is possible
>>
>
>Oooohhh. <Shudder><Shudder>
>
>Yech. Transparent firewalls are UGLY. Really hard to trust, IMHO...
>

Why is this? Wouldn't they be using exactly the same filtering mechanism
as one which was filtering only routed packets? There may be much more
work to do I guess, as every packet on either side of the bridge
has to be inspected in order to make a bridging decision, then on top
of that comes the firewalling decision.
Sorry if this is naive - I'm a relative newcomer to anything beyond
a LAN.

>jf
>
>
>-
>To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>the body of a message to majordomo@vger.rutgers.edu
>Please read the FAQ at http://www.tux.org/lkml/
>
