Firewalling with OpenBSD's PF packet filter: EuroBSDCon 2007, København, September 12th 2007
Bridge: machine with no IP address of its own, between the Internet and a local network
Operates on the Ethernet level
"Invisible" to the outside world
Is able to use PF for filtering and nat/rdr
/etc/hostname.ep0
up
/etc/hostname.ep1
up
/etc/bridgename.bridge0
add ep0 add ep1 blocknonip ep0 blocknonip ep1 up
/etc/pf.conf
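ext_if = ep0
int_if = ep1
# local network behind the bridge (site-specific; not given on the slide)
internal_net = "..."
interesting_traffic = { ... }
block all
# pass everything on the external interface; filtering is done on $int_if
pass quick on $ext_if all
pass log on $int_if from $internal_net to any port $interesting_traffic keep state
See also bridge(4), brconfig(8)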
On NetBSD, needs custom kernel