From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-144824-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 8326313873F
	for <garchives@archives.gentoo.org>; Tue, 29 Jan 2013 17:16:05 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id CA40821C029;
	Tue, 29 Jan 2013 17:15:56 +0000 (UTC)
Received: from mail-oa0-f51.google.com (mail-oa0-f51.google.com [209.85.219.51])
	(using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 3B2D521C014
	for <gentoo-user@lists.gentoo.org>; Tue, 29 Jan 2013 17:15:55 +0000 (UTC)
Received: by mail-oa0-f51.google.com with SMTP id n12so690965oag.10
        for <gentoo-user@lists.gentoo.org>; Tue, 29 Jan 2013 09:15:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:x-received:in-reply-to:references:date:message-id
         :subject:from:to:content-type;
        bh=qi4lmh5oq/OZdUkklvoVQjHij/BZVvEyPNjJOhW2enY=;
        b=DNro34MC3i4pSzLHPO3smai+6G5YwHCAk7zLM/dCalxPGCz/HOUtWQnwV1Z1IdfRSc
         DrZG5D31yTb8WfOkWSMmlTMGRxd9hGKH1obZajliOraNtMOH9LeYLddALEH5GuVl4s4N
         2gL/fATYsHLGxTqugp3SoV/HHF5KgvOIPkSaysts8cCPlgiSaPcG4JHrypWUoMFBLUxX
         WZGa9MSajzC5YhozLm6kjsBPLHYIx33TUwI/nM4BTFy7PeMvTstrIQSJbIwxWJR8+0pM
         UlJrk0s3Jq1Cd8ZXULcBpDVgEQG02P5mgYpm0+7FDlVePwAMQVaH1i4L5NI92EgFadQK
         XJiw==
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
X-Received: by 10.60.12.103 with SMTP id x7mr1355780oeb.56.1359479754291; Tue,
 29 Jan 2013 09:15:54 -0800 (PST)
Received: by 10.76.20.243 with HTTP; Tue, 29 Jan 2013 09:15:54 -0800 (PST)
In-Reply-To: <loom.20130129T153428-777@post.gmane.org>
References: <loom.20130129T153428-777@post.gmane.org>
Date: Tue, 29 Jan 2013 12:15:54 -0500
Message-ID: <CA+czFiBT8aNY_jpshn0vQpJ6TaqSDkoTeSTZJPrqD1+a6LSfoA@mail.gmail.com>
Subject: Re: [gentoo-user] ebtables on Gentoo?
From: Michael Mol <mikemol@gmail.com>
To: gentoo-user@lists.gentoo.org
Content-Type: text/plain; charset=UTF-8
X-Archives-Salt: 7e103e13-7ae4-4709-beb1-8249d60f45e4
X-Archives-Hash: 135fa5f9880a9661b3e957284c897644

On Tue, Jan 29, 2013 at 9:45 AM, James <wireless@tampabay.rr.com> wrote:
> Hello,
>
> From here: http://ebtables.sourceforge.net/
>
>
> We read:
> The ebtables tool can be combined with the other Linux filtering tools
> (iptables, ip6tables and arptables) to make a bridging firewall that is also
> capable of filtering these higher network layers. This is enabled through the
> bridge-netfilter architecture which is a part of the standard Linux kernel.
>
>
> Can someone explain to me when/how you would use ebtables
> for enhanced security, or forward me to a good written
> presentation on when, why or how to deploy ebtables?
> Maybe a package already blends these components together?
> I recently saw ebtables pop up in a commercial product
> ( sniffed terminal boot session) offered by Seimens......
>
>
> Of keen interest is documentation/experiences on the
> Gentoo platform when using ebtables. Googling has provided little.
>
>
> curiously,
> James
>
>

iptables and ip6tables operate at the data layer, layer 3.

ebtables operates at the link layer, layer 2.

This is really the best explanation I can offer, as I haven't used
ebtables myself:

http://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg


--
:wq