Re: bridge firewall (was: Re: subnets, not routing etc.)
On Thu, Nov 16, 2000 at 03:29:24PM +0100, Philipp Schott wrote:
> I love the idea of a bridge firewall and I'd like to build one for one
> of our student's pools.
> Is there anybody out there using such a thing? Any caveats? Pros & cons?
>
Most of the caveats are documented in bridge(4) and brconfig(8). You
need to be careful with the ipf rules (noting that only the 'in' rules
are processed), and careful which NICs you use (no tl(4)'s allowed). The
IPF howto is very useful for explaining some of the good features of ipf
and the OpenBSD bridge stuff (http://www.obfuscation.org/ipf/).
The pro is that you get a nice transparent firewall. =)
--Jason Wright