From: john p. <zy...@ya...> - 2003-11-14 17:02:23
Yes, I did configure via /etc/sysconfig/nic/ifcfg-brX and also manually. The bridge works fine, but the problem is that when I run iptables no traffic is blocked as it used to be on the previous version of DL.

This is a quick example of my iptables on the previous version of DL:

ipless bridge (eth0+eth1)
------
iptables -F
iptables -X

iptables -N valid_traffic
iptables -A valid_traffic -m state --state INVALID -j DROP
iptables -A valid_traffic -m state --state RELATED,ESTABLISHED -j ACCEPT   # Accept related/established

iptables -N allow_all
#iptables -A allow_all -s 1.0.0.1 -j ACCEPT

iptables -A FORWARD -j valid_traffic   # Pass all boxes to valid_traffic
iptables -A FORWARD -j allow_all       # Check IP allow list
iptables -A FORWARD -j DROP            # Drop anything that didn't match

This would mean that we allow everything only on 10.0.0.1. This rule worked on the previous version, but on the current version it is ignored; in other words, everyone has access to the internet.

--- Heiko Zuerker <he...@zu...> wrote:
> Heiko Zuerker wrote:
>
> >>Hi all,
> >>In the previous version of DL i had set a firewall by
> >>bridging eth0 +eth1 and running iptables with the
> >>appropriate rules.
> >>The problem now with ver1 is that after the bridge is
> >>up and using the same rules nothing is blocked as if
> >>no firewall is totally bypassed ..
> >>any ideas ?
> >>
> >
> >The patch is still included, I don't know what's going wrong.
> >I'll document it as a bug and see what I can find out.
> >
>
> I did some tests and it seems to work fine.
> What I saw in the documentation, there seems to be no packets passing in
> the first 30 seconds after initialization of the bridge interface. I
> don't know if that is still true, since the docs are outdated.
>
> Did you configure the bridge interface via our scripts by defining the
> file /etc/sysconfig/nic/ifcfg-brX ?
> Did you load the module bridge ?
>
> cya
> Heiko