Anyone using a bridge firewall with iptables and ebtables?

CoffeeKing!!! · 10-31-2009, 03:17 PM

Whether you are or are not, what are the pros and cons?
If you are, where and how much traffic is it seeing?
What are the specs of your equipment?

janoszen · 11-01-2009, 09:46 AM

Wow, that is one cool project, I can tell you. Sun Microsystems has some appliance, which is basically a layer 2 firewall bridge. So you could set up a bridge between two ports without configuring an IP address on them, making the firewall almost invulnurable to attack. However, ebtables may be a problem performance-wise. Try and please please please do report back.

One little comment: if you are not using ebtables in the manner described above, there is almost no point in using it.

CoffeeKing!!! · 11-02-2009, 10:02 AM

Quote:

Originally Posted by janoszen

Wow, that is one cool project, I can tell you. Sun Microsystems has some appliance, which is basically a layer 2 firewall bridge. So you could set up a bridge between two ports without configuring an IP address on them, making the firewall almost invulnurable to attack. However, ebtables may be a problem performance-wise. Try and please please please do report back.

One little comment: if you are not using ebtables in the manner described above, there is almost no point in using it.

I didn't know that Sun had that piece of equipment. I'm just going to use an old PC and two nics. I'm confused about why I should use Ebtables. I'm getting the feeling that Iptables has obsoleted it. Could you tell me how Ebtables hasn't been surpassed by Iptables?

janoszen · 11-02-2009, 11:10 AM

To my knowledge iptables is layer 3 whereas ebtables is layer 2. In laymans terms you can't use iptables in a non-routed environment. If you were to set up the firewall on an ethernet bridge as I have suggested, you'd have to use ebtables. Well, in theory, I unfortunately never had the time to try it out.