> On 31/07/2002, Adrian Buxton <[EMAIL PROTECTED]> > wrote To [EMAIL PROTECTED]: > > Remember the general idea for anyone implementing a transparent > bridge is > > usually to hide the presence of any packet filtering device. > Well, it is for > > me anycase. To this end, such things are return-icmp-as-destination type > > rules are not ideal - if that is what you are referring to when talking > > about the power of the packet filter.. > > You cannot return-* on a complete ipless bridge anyway. >
Yes, that's true. However someone could solve putting 3 interface on one bridge. if1 and if2 IPless if3 with IP So the box is invisible, but can return-* and be controlled remotely. NOTE: return-icmp will let know the IP of the firewall, so in most cases it's better not to use it. Bye. Ed
