Subject: Re: IPFilter & Bridges on NetBSD-CURRENT
To: None <netbsd-users@NetBSD.org>
From: Ron Roskens <roskens@elfin.net>
List: netbsd-users
Date: 09/20/2003 20:41:36
On Sun, 21 Sep 2003, Manuel Bouyer wrote:

> On Sat, Sep 20, 2003 at 12:37:37PM +0200, Stefan Sonnenberg-Carstens wrote:
> > 3. What do the rules look like? If you have a bridge, it has two NICs
> > attached, it should need
> >    two rules for each case, because a bridge doubles the possible
> > in/out directions?
>
> This I don't know, I've never used ipf over a bridge yet.

I've been running a fw using ipf on a bridge. Rather than choose to
duplicate the rules on both interfaces, I have one of the interfaces do
all the blocking and the other defaults to pass.

You need to compile a kernel with BRIDGE_IPF enabled too; the GENERIC
kernel has it commented out.

Ron Roskens