Diffstat (limited to 'docs/ebtables-hacking/ebtables-hacking-HOWTO-1.html')
1 files changed, 72 insertions, 0 deletions
diff --git a/docs/ebtables-hacking/ebtables-hacking-HOWTO-1.html b/docs/ebtables-hacking/ebtables-hacking-HOWTO-1.html
new file mode 100644
@@ -0,0 +1,72 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<title>Ebtables Hacking HOWTO: Introduction</title>
+<link HREF="ebtables-hacking-HOWTO.html#toc1" REL=contents>
+<h2><a NAME="intro"></a> <a NAME="s1">1.</a> <a HREF="ebtables-hacking-HOWTO.html#toc1">Introduction</a></h2>
+<p>Hi guys (famous opening sentence).</p>
+<p>This document wants to tell the interested how to implement extensions
+on top of the ebtables architecture.</p>
+<p>For more understanding of netfilter and a broader look I recommend
+reading the HOWTO's on the netfilter homepage. The "netfilter hacking HOWTO"
+is certainly worth your time. Also very recommended is the
+"ebtables/iptables interaction on a Linux-based bridge" document (call name br_fw_ia) which
+you can find on the ebtables homepage.
+This document discusses ebtables version 2.0, later versions might have subtle changes.
+<p>(C) 2002 Bart De Schuymer. Licenced under the GNU GPL.</p>
+<h2><a NAME="ss1.1">1.1</a> <a HREF="ebtables-hacking-HOWTO.html#toc1.1">What is ebtables?</a>
+<p>Ebtables is a filter/nat facility for the Linux Ethernet bridge. Its
+implementation and usage is very similar to that of iptables. However,
+ebtables works mostly on the Link Layer, while iptables mostly works on the
+<h2><a NAME="ss1.2">1.2</a> <a HREF="netfilter-hacking-HOWTO.html#toc1.2">Why do I need ebtables?</a>
+Ebtables enables you to get a transparent bridging firewall, it also provides
+the functionality of a brouter and lets you make things like transparent proxys.
+What's cooler than playing around with a firewall? Playing around with a transparent
+firewall (stealth firewall), ofcourse! OK, a really cool stealth firewall would allow
+great stuff like IP NAT; that can be obtained with the bridge-nf stuff, which links
+iptables to the bridging world. For more information about bridge-nf, the br_fw_ia document
+Concentrating on ebtables, it enables us, for example, to filter out ugly stuff
+like NetBEUI traffic coming from another side of the bridge into our sweet
+IP-only side. Basically, it gives us complete access to the Ethernet header of all frames
+the bridge can get its hands on, along with some elementary access to the protocols on top
+of Ethernet (like IP and ARP).
+<h2><a NAME="ss1.3">1.3</a> <a HREF="netfilter-hacking-HOWTO.html#toc1.3">Who are you?</a>
+<p>I'm just someone who was foolish enough to start reading Rusty's code and, consequently,
+got hooked on kernel hacking. So all blame Rusty!