Re: [Shorewall-users] Protecting hosts from each other

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

> Shorewall can't help you in the case of a bridge -- neither can
> routefilter. You would have to use arptables to prevent a misconfigured
> host from hijacking your network.
>   
Which is exactly why I use arptables to "manually" craft my INPUT, 
OUTPUT and FORWARD arptables chains (in shorewall's "started") - these 
chain definitions are very similar to their corresponding counterparts 
in iptables, and there is even arptables-restore, using the same format 
as iptables-restore, to restore arptables chains.

There is a proposal I've made a while ago for such functionality to be 
included as part of shorewall (a bit like "rules" for arptables, if you 
like) as I think it would be beneficial to everyone.