[BBLISA] Limoncelli Article "Firewall is a Bridge"

Dan Ritter dsr-bblisa at randomstring.org
Sat Jul 16 10:14:58 EDT 2016


On Sat, Jul 16, 2016 at 08:30:51AM -0400, Daniel Feenberg wrote:
> 
> We'd like to isolate a few machines from the rest of our LAN without
> renumbering them into a subnet.
> 
> In 1999 Tim Limoncelli wrote a very interesting article titled "Tricks you
> can play if your firewall is a bridge". Section 6 appears to outline just
> what we are looking for. It is up on the Usenet website at:
> 
>    http://static.usenix.org/legacy/publications/library/proceedings/neta99/full_papers/limoncelli/limoncelli.pdf
> 
> I was wondering if anyone knew of firewall hardware or software with these
> capabilities, or if ordinary open source software such as iptables or
> pfsense could do these things. Tim only mentions Lucent hardware. Where would
> we look?

Any Linux box can do this with ebtables.

ebtables is the iptables equivalent for bridging. It operates at
the MAC level, obviously, so you will probably want to map IP
addresses to MACs before any serious investigation.

-dsr-
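A concrete version of the ebtables approach, added here as an example (it is not code from the thread or from Limoncelli's article). It assumes a Linux box with br0 bridging eth0 (main LAN) and eth1 (the hosts to isolate); every MAC in it is a constructed sample, and mac_for_ip is a small helper for the IP-to-MAC mapping step Dan mentions.

```shell
#!/bin/sh
# Added example: transparent Linux bridge plus ebtables rules that fence off
# a few hosts by MAC, with no renumbering. Assumed layout: br0 bridges
# eth0 (main LAN) and eth1 (the isolated hosts). All MACs are constructed.
BRIDGE=br0; LAN_IF=eth0; ISOLATED_IF=eth1
ISOLATED="00:11:22:33:44:55 00:11:22:33:44:66"   # hosts to fence off
ALLOWED_PEERS="00:aa:bb:cc:dd:ee"                 # LAN peers they may still reach (e.g. gateway)

# Print the commands that build the bridge (review them, then: emit_bridge | sh).
emit_bridge() {
  echo "ip link add name $BRIDGE type bridge"
  echo "ip link set $LAN_IF master $BRIDGE"
  echo "ip link set $ISOLATED_IF master $BRIDGE"
  echo "ip link set $BRIDGE up"
}

# Print the ebtables FORWARD rules (apply with: emit_rules | sh).
# ebtables stops at the first match, so the ACCEPT rules come before the DROPs.
emit_rules() {
  echo "ebtables -F FORWARD"
  echo "ebtables -P FORWARD ACCEPT"       # the rest of the LAN is untouched
  for host in $ISOLATED; do
    # ARP broadcasts from the fenced host must pass or it cannot find the gateway;
    # replies from anyone but an allowed peer are still dropped further down.
    echo "ebtables -A FORWARD -s $host -d ff:ff:ff:ff:ff:ff -p ARP -j ACCEPT"
    for peer in $ALLOWED_PEERS; do
      echo "ebtables -A FORWARD -s $host -d $peer -j ACCEPT"
      echo "ebtables -A FORWARD -s $peer -d $host -j ACCEPT"
    done
  done
  for host in $ISOLATED; do
    # Anything else to or from a fenced host is dropped at the bridge.
    echo "ebtables -A FORWARD -s $host -j DROP"
    echo "ebtables -A FORWARD -d $host -j DROP"
  done
}

# Map an IP to its MAC from the kernel neighbour table, since the rules
# above are MAC-based. Usage: ip neigh show | mac_for_ip 10.0.0.5
mac_for_ip() {
  awk -v ip="$1" '$1 == ip { for (i = 1; i < NF; i++) if ($i == "lladdr") print $(i + 1) }'
}
```

The rules only govern frames the bridge forwards between its ports; traffic addressed to the bridge box itself is not covered by the FORWARD chain.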
