Download ebtalbes filtering tool

Download ebtables

From ebtalbes, website:
The ebtables program is a filtering tool for a bridging firewall. The filtering is focussed on the Link Layer Ethernet frame fields. Apart from filtering, it also gives the ability to alter the Ethernet MAC addresses and implement a brouter.
This website is also a reference for the Linux bridge-nf code, which gives Linux the functionality of a bridging IP/IPv6/ARP firewall, by letting iptables/ip6tables/arptables 'see' the bridged IPv4/IPv6/ARP packets. Both ebtables and bridge-nf are a part of the standard 2.6 kernel. A patch for the 2.4 stable kernel is maintained here, because enough people keep bugging me when Marcelo releases yet another 2.4 kernel.

What is ebtables
The ebtables utility enables basic Ethernet frame filtering on a Linux bridge, logging, MAC NAT and brouting. It only provides basic IP filtering, the full-fledged IP filtering on a Linux bridge is done with iptables. The so-called bridge-nf code makes iptables see the bridged IP packets and enables transparent IP NAT. The firewalling tools iptables and ebtables can be used together and are complementary. ebtables tries to provide the bridge firewalling that iptables cannot provide, namely the filtering of non-IP traffic.


Ebtables features:
Usage analogous to iptables.
Ethernet filtering.
MAC NAT: ability to alter the MAC Ethernet source and destination address. This can be useful in some very strange setups (a real-life example is available).
Brouting: decide which traffic to bridge between two interfaces and which traffic to route between the same two interfaces. The two interfaces belong to a logical bridge device but have their own IP address and can belong to a different subnet.
Pass packets to userspace programs, using netlink sockets (the ulog watcher).

What ebtables do?
- Ethernet protocol filtering.
- MAC address filtering.
- Simple IP header filtering.
- ARP header filtering.
- 802.1Q VLAN filtering.
- In/Out interface filtering (logical and physical device).
- MAC address nat.
- Logging.
- Frame counters.
- Ability to add, delete and insert rules; flush chains; zero counters.
- Brouter facility.
- Ability to atomically load a complete table, containing the rules you made, into the kernel. See the man page and the examples section.
- Support for user defined chains.
- Support for marking frames and matching marked frames.
- {Ip,Ip6,Arp}tables can filter bridged IPv4/IPv6/ARP packets, even when encapsulated in an 802.1Q VLAN header.
- All filtering, logging and NAT features of the 3 tools can therefore be used on bridged frames.
- Combined with ebtables, the bridge-nf code therefore makes Linux a very powerful transparent firewall.
- This enables, f.e., the creation of a transparent masquerading machine (i.e. all local hosts think they are directly connected to the Internet).
- Letting {ip,ip6,arp}tables see bridged traffic can be disabled using the appropriate proc entries, located in /proc/sys/net/bridge/. Also, letting the aforementioned firewall tools see 802.1Q VLAN encapsulated packets can be disabled with such a proc entry.

Basic ebtables filtering configuration

4:55 AM | Tags: , |

This entry was posted on 4:55 AM and is filed under firewall , security . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

0 Comments:

Post a Comment

Subscribe to: Post Comments (Atom)