From: Tom E. <te...@sh...> - 2003-08-13 01:21:51
On Tue, 12 Aug 2003, Steve Herber wrote:

> Noticed that I have moved this question to the development list.
>
> Now that ebtables is the bridging software of choice for the newer kernels
> I have been wondering if Shorewall could be extended to support bridges.
> It looks like you have some experience with bridges and might have some
> ideas. What I am interested in is the ability to use the great Shorewall
> configuration files to create filter rule sets for bridges.
>
> I haven't spent too much time thinking about it but as a small first step I
> would propose a /etc/Shorewall/bridges file with these columns:
>
> # interface 1   interface 2   bridge name   bridge options
> eth0            eth1          br0
>
> During Shorewall startup, the script could build the bridges.
> Are there any bridge options that need to be specified in this
> new configuration file?
>
> Once a bridge interface was known to Shorewall how would the policy and
> rules tables get extended to support bridges?

Steve,

I've said several times on several lists that I have no intention of adding
any bridging facilities to Shorewall. If someone wants to build a
"Shorebridge" product, I'm all for it.

One of the precepts of Open Source Software is that talented people who have
a need for a particular capability create that capability then share it with
others. I have no need for a bridging firewall -- if someone else does, I
would be happy if they steal everything usable from Shorewall that would
speed up their development.

But I am not going to create a bridging firewall product myself and I believe
that the ebtables capability is so different from iptables that any attempt
to hack up Shorewall to use ebtables for bridging and iptables for L3
firewalling would result in an unmaintainable mess. I'm not going to let that
happen to Shorewall.

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
Shoreline,       \ http://shorewall.net
Washington USA   \ te...@sh...
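As an added illustration of the bridges file Steve sketches above (this is not Shorewall code, nor anything Tom or Steve posted), the script below reads a file in the proposed "interface 1, interface 2, bridge name, bridge options" layout and emits the bridge-utils `brctl` and iproute2 `ip` commands that would create each bridge at startup. The `brctl`/`ip` invocations and the DRY_RUN switch are assumptions of this example; the "bridge options" column is read but ignored, since the message never defines its contents.

```shell
#!/bin/sh
# Added example, not Shorewall's own code: turn the proposed
# /etc/shorewall/bridges layout (interface1 interface2 bridge [options])
# into the commands that would build the bridges. Assumes bridge-utils'
# brctl and iproute2's ip are available when DRY_RUN=0. With DRY_RUN=1
# (the default) the commands are printed instead of executed, so the
# generated rule set can be reviewed before anything touches the kernel.

DRY_RUN=${DRY_RUN:-1}

# run CMD ARGS...: print the command in dry-run mode, else execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# build_bridges FILE: parse the bridges file, skipping blank and '#'
# comment lines, and create one bridge per data line. A line missing
# either interface or the bridge name is an error (returns 1).
build_bridges() {
    file=$1
    while read -r if1 if2 br opts; do
        case "$if1" in ''|'#'*) continue ;; esac
        if [ -z "$if2" ] || [ -z "$br" ]; then
            printf 'bridges: bad line: %s %s %s\n' "$if1" "$if2" "$br" >&2
            return 1
        fi
        # "$opts" (bridge options) is intentionally unused: undefined here.
        run brctl addbr "$br"
        run brctl addif "$br" "$if1"
        run brctl addif "$br" "$if2"
        run ip link set "$br" up
    done < "$file"
}
```

Usage: `DRY_RUN=1 sh bridges.sh` with a `build_bridges /etc/shorewall/bridges` call appended prints the four commands per bridge; only the bridge is created here, the ebtables filter rules Steve asks about are a separate, undefined step.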