Just checked this out on a test machine to make sure I am right.
I set up a bridge between my WAN and DMZ interfaces, initially
allowing all traffic to bridge between the interfaces (and the
filtering bridge option turned on). IPv4 and IPv6 were working fine -
ICMP, TCP, etc. I then created Block All rules for both the DMZ and
WAN interfaces. All IPv4 traffic was correctly blocked.
However, non-IPv4 packets (IPv6, IPX, AppleTalk) were still being
bridged.
nick.
> Did you enable the filtering bridge option, otherwise you just made a
> bridge - see here:
> http://m0n0.ch/wall/docbook/index-single.html#id2578343
>
> and see 11.3.4. Then add your firewall rules - add a deny rule at the
> top with logging and you should see packets being blocked as they
> attempt to pass the bridge. If not, then there is something (else?)
> amiss with your config.
>
> --g'luck
> gm