Re: bridging and IP-filtering

Chris Osicki (osk@gd2.swissptt.ch)
Mon, 19 Jul 1999 18:38:03 +0200


> On Mon, 19 Jul 1999, Chris Osicki wrote:
>
> > Hi,
> >
> > I applied the kernel patches from http://ac2i.tzo.com/bridge_filter/
> > to 2.2.10 kernel source to enable IP filtering when bridging.
> > It works very well with ACCEPT and DENY. In an attempt to make it
> > also work with REJECT (send back a dest unreachable ICMP message)
>
> [snip]
>
> > Would any of you experts like to comment? Is it possible to achieve
> > what I'm trying?
>
> I don't think so. Since you do bridging you are not a router and you
> cannot send back a reject (the sending host expects to talk to someone on
> the same network).
>
> -Petru
>

And to talk to someone on the same network (wire) all it needs is
a MAC address of the other host, nothing else.
SunScreen from Sun proves it can be done, at least with Solaris.
And after all, there can't be anything other OSes
can do what Linux couldn't ;-)

Regards,
Chris

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/