[Soekris] Limitations of Net6501 as a network bridge
mlists at robin-kipp.net
Fri Jun 26 16:23:30 CEST 2015
> On 26.06.2015 at 03:09, Jed Clear <jclear at speakeasy.net> wrote:
> I haven't explored iptables in bridge/layer 2 mode, but there is no fundamental reason you can't packet sniff or firewall traffic in bridge mode. The traffic has to pass through your kernel.
Yep, I was actually wrong here! The solution is to use the -t switch in order to use the 'filter' table. So for example, the following line would block all outgoing traffic to Soekris.com <http://soekris.com/> from all devices which are behind the bridge:
iptables -t filter -A FORWARD -d 18.104.22.168 -j DROP
It’s really quite easy, except that you probably wouldn’t want that particular firewall rule!
> If you were asking about FreeBSD and ipfw, I'd say yes, just look into the layer 2 filter points. So I'd recommend digging into the iptables documentation for something similar. Also not familiar with snort, but with tcpdump, I'd specify the interface and I'm pretty sure it would work as it is capturing at layer 2 (or am I thinking of Wireshark?).
Actually, I installed tshark, the CLI version of Wireshark, on the Net6501. I could then sniff on the br0 interface and the resulting output looks promising, seems like everything got sniffed pretty nicely!
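As an added illustration (not part of the original mailing-list thread) of the FORWARD-chain filtering discussed above, here is a small POSIX shell script that builds a default-deny FORWARD ruleset for a Linux bridge. The interface name br0 and the blocked destination 203.0.113.10 (a TEST-NET-3 documentation address) are assumptions chosen for the example; on recent kernels the br_netfilter module must be loaded and net.bridge.bridge-nf-call-iptables set to 1 before iptables sees bridged frames at all, which is the usual reason a rule like the one quoted above appears to do nothing. Setting IPT=echo runs the script as a dry run that prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: minimal default-deny FORWARD ruleset for a Linux bridge.
# Not from the original post; interface/address values are assumptions.

BRIDGE=${BRIDGE:-br0}                 # assumed bridge interface
BLOCKED_DST=${BLOCKED_DST:-203.0.113.10}   # constructed placeholder destination
IPT=${IPT:-iptables}                  # set IPT=echo for a dry run

# Without br_netfilter, bridged frames never traverse the iptables FORWARD
# chain, so the filter rules silently match nothing. Enable it first.
enable_bridge_netfilter() {
    "$IPT" >/dev/null 2>&1 || true    # no-op in dry run; keeps shape uniform
    modprobe br_netfilter 2>/dev/null || true
    sysctl -w net.bridge.bridge-nf-call-iptables=1 >/dev/null 2>&1 || true
}

# Build the FORWARD chain: default DROP, allow reply traffic, log and drop
# the blocked destination, then allow everything else that stays on the bridge.
apply_bridge_rules() {
    "$IPT" -t filter -P FORWARD DROP
    "$IPT" -t filter -F FORWARD
    "$IPT" -t filter -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -t filter -A FORWARD -m physdev --physdev-is-bridged \
        -d "$BLOCKED_DST" -j LOG --log-prefix "BR-BLOCK: "
    "$IPT" -t filter -A FORWARD -d "$BLOCKED_DST" -j DROP
    "$IPT" -t filter -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
}

# Apply only when explicitly asked, so sourcing the file is side-effect free.
if [ "${1:-}" = "apply" ]; then
    enable_bridge_netfilter
    apply_bridge_rules
fi
```

Run it as `sh bridge-fw.sh apply` on the bridge host (root required); `IPT=echo sh bridge-fw.sh apply` shows the exact rules it would install. The LOG rule before the DROP gives a kernel-log record of every blocked forward, which is what you want when verifying the bridge is actually filtering rather than just trusting the rule is in place.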