From 81d84b6c451b91284760efc033b5443c1983b1da Mon Sep 17 00:00:00 2001 From: fnm3 Date: Sat, 8 Feb 2003 15:08:34 +0000 Subject: Initial version of FAQ page --- docs/ebtables-faq.html | 170 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 170 insertions(+) create mode 100644 docs/ebtables-faq.html diff --git a/docs/ebtables-faq.html b/docs/ebtables-faq.html new file mode 100644 index 0000000..e40ed48 --- /dev/null +++ b/docs/ebtables-faq.html @@ -0,0 +1,170 @@ + + + + Ebtables (Ethernet Bridge Tables) Frequently Asked + Questions + + + + + + + + + + +

Questions

+
    +
  1. Intro
  2. +
  3. Installation
  4. +
  5. Usage
  6. +
  7. Other
  8. +
+

Answers

+
    +
  1. + Intro +
    +
    What is the ebtables?
    +
    The ebtables project is the Linux 2.4.x Link Layer + firewalling subsystem. It delivers for Linux the functionality of + Ethernet frame filtering, all kinds of frame NAT (Network Address + Translation) and frame matching. Currently ebtables is not a part + of 2.4.x kernels, but now in the >=2.5.40 kernels.
    +
    Why do I use it?
    +
    Probably, to filter frames by MAC-address or frame type at + Link Layer inside Your Linux-based Ethernet bridge.
    +
    + [Back to the top] +
    +
  2. +
  3. + Installation +
    +
    What should I do to know before ebtables installation?
    +
    First step is to check what the kernel version will be used + with ebtables. If the kernel version above than 2.5.39 was + installed, then kernel sources need no to be patched by the + ebtables_kernel and br-nf-bds patches. Go to Ethernet bridge + tables and download br_nf_bds, ebtables_kernel + and ebtables packages.
    +
    What is the "ebtables_kernel" package and why should I use + it?
    +
    + The ebtables_kernel package contains a patch against a + Linux kernel. It allows filtering on the Link Layer (OSI Layer + 2). Well know that iptables works on the Network Layer (OSI + Layer 3) and on the upper layers. For a bridging firewall it is + important to be able to filter on Link Layer as well. Copy + patch file to the kernel source (usually it named + /usr/src/linux or /usr/src/linux-2.X.YY) and execute +
    +# cp ebtables-v2.0.003_vs_2.4.20.diff.gz /usr/src/linux
    +# gunzip ebtables-v2.0.003_vs_2.4.20.diff.gz 
    +# patch -p1 < ebtables-v2.0.003_vs_2.4.20.diff
    +
    +
    +
    What is the "br-nf-bds" package and why should I use it?
    +
    + The br-nf-bds package contains a patch against Linux + kernel that is already patched with the ebtables_kernel + patch. It add ability of iptables usage on a bridge to make a + bridging firewall. The big part of this patch was complete by + Lennert Buytenhek. The bridge-nf code is automatically compiled + into the patched kernel if the bridge and netfilter support is + enabled. +
    +# cp bridge-nf-0.0.10-against-2.4.20.diff.gz /usr/src/linux
    +# gunzip bridge-nf-0.0.10-against-2.4.20.diff.gz
    +# patch -p1 < bridge-nf-0.0.10-against-2.4.20.diff
    +
    +
    +
    What is the "ebtables" package and why should I use it?
    +
    + The ebtables package contains the ebtables userspace + tool. Namelly this ebtables binary is used to make filtering + rules for the Linux-based Ethernet bridge. The rules is applied + for bridged packets at Link Layer. The ebtables usage is very + similar to the iptables, so it should not be so hard. Of + course, there is a man page supplied. Just gunzip and untar the + package and read the INSTALL file.
    + +
    +# make
    +
    + Put ebtables binary to the superuser binaries directory (f.e. + /usr/sbin) manually or +
    +# make install
    +
    +
    +
    + [Back to the top] +
    +
  4. +
  5. + Usage +
    +
    Can I drop the ARP packets in linux bridge box using the + ebtables?
    +
    Yes, it's possible to filter the ARP packets (same as any + other Ethernet frames) using linux bridge and ebtables together. + According to the rule target, the frame can be dropped, accepted, + passed to next rule, etc.
    + See the ebtables manual page for + details.
    +
    Can I use ebtables with iptables? Is there any problems to + use it together?
    +
    Yes, it's possible to use ebtables with iptables. Detailed + info about ebtables/iptables interaction is explained at the page + "ebtables/iptables interaction on a + Linux-based bridge"
    +
    Can ebtables to do a frame accounting on my bridge?
    +
    + Yes, it's possible to view bridged frames and bytes count by +
    +# ebtables -L --Lc
    +
    +
    +
    +
    + [Back to the top] +
    +
  6. +
  7. + Other
    +
    +
    I'm not a Linux system programer, but I need a feature, which + is not (yet) implemented in the ebtables. What should I do?
    +
    Contact by email to ebtables developers directly or subscribe + to the ebtables + users mail list. Then post short and clean description of + Your wanted feature to mail list.
    +
    I'm Linux system programmer and I can do any ebtables feature by + myself. What I should begin in that case?
    +
    Subscribe to the ebtables + developers mail list. Learn the "Ebtables Hacking HOWTO". + Create Your account at SourceForge.net (if You still haven't it) + and inform the Project Admin about Your intention to join to + ebtables developers and to make a new ebtables feature. After + that You should be able to working with ebtables source code, + which is placed at SourceForge cvs repository. Now You can make + Your ebtables feature or anything else (to drink a cup of coffee, + f.e. ;).
    +
    +
    + [Back to the top] +
  8. +
+
+ + -- cgit v1.2.3
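Review bot: In the Installation answers, both command listings (for ebtables_kernel and for br-nf-bds) copy the .diff.gz into /usr/src/linux but never change into that directory, so `gunzip` and `patch -p1 < ...` run from wherever the archive was downloaded and the patch is not applied inside the kernel source tree. Add a `# cd /usr/src/linux` line after each `cp` line. The first Installation answer also states that kernels above 2.5.39 need no patching and then unconditionally tells the reader to download br_nf_bds, ebtables_kernel and ebtables; make that list conditional on the kernel version so the two sentences do not contradict each other. The same answer spells the package br_nf_bds while the later question and answer use br-nf-bds; pick one spelling, since readers will search the download page for it.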