author | Bart De Schuymer <bdschuym@pandora.be> | 2002-09-27 16:40:13 +0000 |
---|---|---|
committer | Bart De Schuymer <bdschuym@pandora.be> | 2002-09-27 16:40:13 +0000 |
commit | 611c23e9abdbeca300467305b62b9c0f7bf3cd69 | |
tree | 436dbe2e7cd9d0a5c5c13ef090b388767242ccc7 /docs/br_fw_ia | |
parent | 61d8e48e9fdbbd5d2098ad436eb8806030431536 | |
deal with fact that ebtables is inside 2.5.x
Diffstat (limited to 'docs/br_fw_ia')
-rw-r--r-- | docs/br_fw_ia/br_fw_ia.html | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/docs/br_fw_ia/br_fw_ia.html b/docs/br_fw_ia/br_fw_ia.html index 174c293..aee5ae4 100644 --- a/docs/br_fw_ia/br_fw_ia.html +++ b/docs/br_fw_ia/br_fw_ia.html @@ -63,16 +63,12 @@ This document describes how <EM>iptables</EM> and <EM>ebtables</EM> filtering tables interact on a Linux-based bridge.<BR> Getting a bridging firewall consists of patching the kernel source - code with two patches. - The first patch adds <EM>ebtables</EM> support in the kernel. - The second patch is called "br-nf-bds" and makes - bridged IP frames/packets go through the <EM>iptables</EM> chains. + code with one or two patches. + Kernels 2.5.39 and above only need the "br-nf-bds" patch, since ebtables has been integrated in the 2.5.x series. + For other kernels, you need to first apply the patch that adds <EM>ebtables</EM> support in the kernel. + The "br-nf-bds" patch makes bridged IP frames/packets go through the <EM>iptables</EM> chains. <EM>Ebtables</EM> filters on the Ethernet layer, while <EM>iptables</EM> only filters IP packets.<BR> - It is possible to use <EM>ebtables</EM> without compiling the br-nf-bds - code into the kernel; and vice versa. The only reason why the br-nf-bds - patch has to be applied after the <EM>ebtables</EM> patch is because - some files are changed by both patches.<BR> The explanations below will use the TCP/IP Network Model. It should be noted that the br-nf-bds patch sometimes violates the TCP/IP Network |
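Review bot: the removed lines at the end of the hunk drop both the statement that ebtables can be used without the br-nf-bds code (and vice versa) and the reason for the patch ordering, yet the added text still says "you need to first apply the patch that adds ebtables support" with no explanation. Someone building a filtering bridge needs to know which layer is actually being filtered when only one of the two is present, so consider keeping one sentence saying the two are independent and that the ordering exists only because some files are changed by both patches. "For other kernels" in the added lines is also vague: the cutoff given is 2.5.39, so name it, for example "For kernels before 2.5.39". As a style point, the added "Kernels 2.5.39 and above ..." line is much longer than the surrounding wrapped lines and should be rewrapped to match the rest of the file.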