On Mon, 2004-03-15 at 18:16, Tony wrote: > I have a few questions regarding this... > > Now, if I have this figured correctly, the bridge is transparent to your > ISP, so you would need another host behind the bridge to have an > address, correct? The use I have in mind would be statically assigned. Typically there are hosts with addresses on both sides of the bridge.
> > Also, I would expect the bridge still to work without having an IP > assigned to the bridge (if the only reason to have the IP is for > management) if you connect via serial cable for management, right? A bridge doesn't have to have an IP, though perhaps you can't use Shorewall without one. > > Finally, the firewalling aspect of the bridge only works in the FORWARD > chain, right? DNAT and SNAT and all that won't work correctly would > it? All I want to do is have the bridge do some rough filtering for me, > alot of the background noise such as SQL sweeps and backdoor checking. > Perhaps an IDS such as Snort, but I don't know yet. Take a look at ebtables.sourceforge.net, particularly http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html > > Thanks, > > Tony > ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html