| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> |
| <html> |
| <head> |
| <title>Ebtables Hacking HOWTO: Introduction</title> |
| |
| <link HREF="ebtables-hacking-HOWTO.html#toc1" REL=contents> |
| </head> |
| <body> |
| <a HREF="ebtables-hacking-HOWTO-2.html">Next</a> |
| Previous |
| <a HREF="ebtables-hacking-HOWTO.html#toc1">Contents</a> |
| <hr> |
| <h2><a NAME="intro"></a> <a NAME="s1">1.</a> <a HREF="ebtables-hacking-HOWTO.html#toc1">Introduction</a></h2> |
| |
| <p>Hi guys (famous opening sentence).</p> |
| |
| <p>This document explains, for those interested, how to implement extensions |
| on top of the ebtables architecture.</p> |
| |
| <p>For a better understanding of netfilter and a broader view, I recommend |
| reading the HOWTOs on the netfilter homepage. The "netfilter hacking HOWTO" |
| is certainly worth your time. Also highly recommended is the |
| "ebtables/iptables interaction on a Linux-based bridge" document (call name br_fw_ia), which |
| you can find on the ebtables homepage. |
| </p> |
| <p> |
| This document discusses ebtables version 2.0; later versions might have subtle changes. |
| </p> |
| |
| <p>(C) 2002 Bart De Schuymer. Licensed under the GNU GPL.</p> |
| |
| <h2><a NAME="ss1.1">1.1</a> <a HREF="ebtables-hacking-HOWTO.html#toc1.1">What is ebtables?</a> |
| </h2> |
| |
| <p>Ebtables is a filter/nat facility for the Linux Ethernet bridge. Its |
| implementation and usage are very similar to those of iptables. However, |
| ebtables works mostly on the Link Layer, while iptables mostly works on the |
| Network Layer.</p> |
| <h2><a NAME="ss1.2">1.2</a> <a HREF="netfilter-hacking-HOWTO.html#toc1.2">Why do I need ebtables?</a> |
| </h2> |
| |
| <p> |
| Ebtables enables you to build a transparent bridging firewall. It also provides |
| the functionality of a brouter and lets you make things like transparent proxies. |
| What's cooler than playing around with a firewall? Playing around with a transparent |
| firewall (stealth firewall), of course! OK, a really cool stealth firewall would allow |
| great stuff like IP NAT; that can be obtained with the bridge-nf stuff, which links |
| iptables to the bridging world. For more information about bridge-nf, the br_fw_ia document |
| is recommended. |
| </p> |
| <p> |
| Concentrating on ebtables, it enables us, for example, to filter out ugly stuff |
| like NetBEUI traffic coming from another side of the bridge into our sweet |
| IP-only side. Basically, it gives us complete access to the Ethernet header of all frames |
| the bridge can get its hands on, along with some elementary access to the protocols on top |
| of Ethernet (like IP and ARP). |
| </p> |
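| <p>The following is an added example, not code from this HOWTO or from ebtables: a user-space C model of the link-layer decision described above, reading the Ethernet type/length field to let IPv4 and ARP through and to drop NetBEUI (802.2 LLC SAP 0xF0). The function and constant names are hypothetical and the sample frames are constructed.</p> |

```c
/* Added illustration, not ebtables code: a user-space model of a
 * link-layer filter decision. All names here are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HDR_LEN     14      /* dst MAC (6) + src MAC (6) + type/length (2) */
#define ETHERTYPE_MIN   0x0600  /* smaller values are treated as an 802.3 length */
#define ETHERTYPE_IP    0x0800
#define ETHERTYPE_ARP   0x0806
#define LLC_SAP_NETBIOS 0xF0    /* 802.2 LLC SAP used by NetBEUI */

enum verdict { V_DROP = 0, V_ACCEPT = 1 };

/* Accept IPv4 and ARP only; drop NetBEUI, anything else, and short frames. */
enum verdict classify_frame(const uint8_t *f, size_t len, const char **why)
{
    if (len < ETH_HDR_LEN) { *why = "truncated header"; return V_DROP; }
    uint16_t type = (uint16_t)((f[12] << 8) | f[13]);   /* network byte order */
    if (type >= ETHERTYPE_MIN) {                        /* Ethernet II frame */
        if (type == ETHERTYPE_IP)  { *why = "IPv4"; return V_ACCEPT; }
        if (type == ETHERTYPE_ARP) { *why = "ARP";  return V_ACCEPT; }
        *why = "other EtherType";
        return V_DROP;
    }
    /* 802.3 frame: DSAP, SSAP and control bytes follow the length field. */
    if (len < ETH_HDR_LEN + 3) { *why = "truncated LLC"; return V_DROP; }
    if (f[14] == LLC_SAP_NETBIOS && f[15] == LLC_SAP_NETBIOS) {
        *why = "NetBEUI";
        return V_DROP;
    }
    *why = "other 802.3/LLC";
    return V_DROP;
}

/* Constructed sample frames: locally administered MACs, payload cut short. */
#define MACS 0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02
const uint8_t ipv4_frame[]    = { MACS, 0x08,0x00, 0x45,0x00,0x00 };
const uint8_t arp_frame[]     = { MACS, 0x08,0x06, 0x00,0x01,0x08 };
const uint8_t netbeui_frame[] = { MACS, 0x00,0x2c, 0xF0,0xF0,0x03 };
const uint8_t runt_frame[]    = { 0x02,0,0,0,0,0x01, 0x02,0 };

int main(void)
{
    const char *why;
    enum verdict v = classify_frame(netbeui_frame, sizeof netbeui_frame, &why);
    printf("%s: %s\n", why, v == V_ACCEPT ? "ACCEPT" : "DROP");
    return 0;
}
```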
| |
| |
| <h2><a NAME="ss1.3">1.3</a> <a HREF="netfilter-hacking-HOWTO.html#toc1.3">Who are you?</a> |
| </h2> |
| |
| <p>I'm just someone who was foolish enough to start reading Rusty's code and, consequently, |
| got hooked on kernel hacking. So all blame Rusty! |
| </p> |
| </body> |
| </html> |
| |