Re: [SLUG] Bridging Firewall

From: Andrew M Hoerter (amh@pobox.com)
Date: Thu Jun 19 2003 - 12:58:45 EDT


On Thu, 19 Jun 2003, Ian C. Blenke wrote:

> As the bridging happens *before* your firewall's IP stack gets ahold of the
> frames, all "external" traffic will show up on the "internal" network.

Er... if that's true of Linux iptables+bridging, then Linux makes a
piss-poor bridging firewall.

The whole point of a "transparent" firewall is that the firewall software
*does* inspect the packets before bridging them. Otherwise, what's the
use?

I do agree that bridging isn't necessarily called for here, but there's
nothing wrong with it either. If you can manage your firewall without it
having an IP address, so much the better for security.
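The setup this thread is arguing about, as an added example rather than anything from the original post or any poster: two NICs bridged on a Linux box with no IP address on the bridge, and iptables placed in the path so that frames are inspected before they are forwarded across it. It uses the br_netfilter hook of current kernels (the 2003-era bridge-nf patch did the same job) and the physdev match, which tells a FORWARD rule which bridge port a frame arrived on, since there is no routing decision to consult. Interface names, the protected subnet and the published service are assumptions. By default the script only prints the commands it would run; set APPLY=1 and run it as root to apply them.

```shell
#!/bin/sh
# Added example, not from the original thread: a Linux bridging ("transparent")
# firewall built from two NICs with no IP address on the bridge, where iptables
# inspects frames before the bridge forwards them.
# Prints the commands by default; APPLY=1 (as root) executes them instead.

OUTSIDE="${OUTSIDE:-eth0}"            # assumed: NIC facing the upstream router
INSIDE="${INSIDE:-eth1}"              # assumed: NIC facing the protected LAN
BRIDGE="${BRIDGE:-br0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumed: the protected subnet

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# 1. Bridge the two NICs. Neither the ports nor br0 get an IP address, so the
#    box cannot be addressed from either side; manage it over a third NIC or
#    the console.
bridge_up() {
    run ip link add name "$BRIDGE" type bridge
    run ip link set "$OUTSIDE" master "$BRIDGE"
    run ip link set "$INSIDE" master "$BRIDGE"
    run ip link set "$OUTSIDE" up
    run ip link set "$INSIDE" up
    run ip link set "$BRIDGE" up
}

# 2. Send bridged frames through the iptables FORWARD chain. Without this
#    hook the kernel switches them at layer 2 and iptables never sees them,
#    which is the behaviour the thread is worried about.
netfilter_hook() {
    run modprobe br_netfilter
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
}

# 3. Filter in FORWARD. The physdev match identifies the ingress bridge port,
#    so "inside" and "outside" are defined by the port, not by any address
#    the firewall owns (it owns none).
rules_load() {
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # inside -> outside: anything originating from the LAN may leave
    run iptables -A FORWARD -m physdev --physdev-in "$INSIDE" -s "$LAN_NET" -j ACCEPT
    # outside -> inside: only the service the LAN publishes (assumed: a web server)
    run iptables -A FORWARD -m physdev --physdev-in "$OUTSIDE" -d "$LAN_NET" \
        -p tcp --dport 80 -j ACCEPT
    # everything else crossing the bridge is logged and falls through to DROP
    run iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "BRIDGE-DROP "
}

# The complete plan as one text block, handy for review before APPLY=1.
plan() {
    bridge_up
    netfilter_hook
    rules_load
}

plan
```

Run it once without APPLY to read the plan, then again with APPLY=1 as root. Because the bridge has no address, the firewall cannot originate traffic of its own, so updates and log shipping need a separate management interface; that is the trade-off being made when the box is kept unaddressable on the filtered segment.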



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:04:20 EDT