From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 8326313873F for ; Tue, 29 Jan 2013 17:16:05 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id CA40821C029; Tue, 29 Jan 2013 17:15:56 +0000 (UTC) Received: from mail-oa0-f51.google.com (mail-oa0-f51.google.com [209.85.219.51]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 3B2D521C014 for ; Tue, 29 Jan 2013 17:15:55 +0000 (UTC) Received: by mail-oa0-f51.google.com with SMTP id n12so690965oag.10 for ; Tue, 29 Jan 2013 09:15:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:content-type; bh=qi4lmh5oq/OZdUkklvoVQjHij/BZVvEyPNjJOhW2enY=; b=DNro34MC3i4pSzLHPO3smai+6G5YwHCAk7zLM/dCalxPGCz/HOUtWQnwV1Z1IdfRSc DrZG5D31yTb8WfOkWSMmlTMGRxd9hGKH1obZajliOraNtMOH9LeYLddALEH5GuVl4s4N 2gL/fATYsHLGxTqugp3SoV/HHF5KgvOIPkSaysts8cCPlgiSaPcG4JHrypWUoMFBLUxX WZGa9MSajzC5YhozLm6kjsBPLHYIx33TUwI/nM4BTFy7PeMvTstrIQSJbIwxWJR8+0pM UlJrk0s3Jq1Cd8ZXULcBpDVgEQG02P5mgYpm0+7FDlVePwAMQVaH1i4L5NI92EgFadQK XJiw== Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 X-Received: by 10.60.12.103 with SMTP id x7mr1355780oeb.56.1359479754291; Tue, 29 Jan 2013 09:15:54 -0800 (PST) Received: by 10.76.20.243 with HTTP; Tue, 29 Jan 2013 09:15:54 -0800 (PST) In-Reply-To: References: Date: Tue, 29 Jan 2013 12:15:54 -0500 Message-ID: Subject: Re: [gentoo-user] ebtables on Gentoo? From: Michael Mol To: gentoo-user@lists.gentoo.org Content-Type: text/plain; charset=UTF-8 X-Archives-Salt: 7e103e13-7ae4-4709-beb1-8249d60f45e4 X-Archives-Hash: 135fa5f9880a9661b3e957284c897644 On Tue, Jan 29, 2013 at 9:45 AM, James wrote: > Hello, > > From here: http://ebtables.sourceforge.net/ > > > We read: > The ebtables tool can be combined with the other Linux filtering tools > (iptables, ip6tables and arptables) to make a bridging firewall that is also > capable of filtering these higher network layers. This is enabled through the > bridge-netfilter architecture which is a part of the standard Linux kernel. > > > Can someone explain to me when/how you would use ebtables > for enhanced security, or forward me to a good written > presentation on when, why or how to deploy ebtables? > Maybe a package already blends these components together? > I recently saw ebtables pop up in a commercial product > ( sniffed terminal boot session) offered by Seimens...... > > > Of keen interest is documentation/experiences on the > Gentoo platform when using ebtables. Googling has provided little. > > > curiously, > James > > iptables and ip6tables operate at the data layer, layer 3. ebtables operates at the link layer, layer 2. This is really the best explanation I can offer, as I haven't used ebtables myself: http://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg -- :wq