I have another doubt about bridging, referring to
the bridging mini-howto, concretely in the firewall policies.
# Allow packets from TUN/TAP devices.
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT

# Allow packets from private subnets
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT
Why this differentiation? When you add a bridge
interface, aren't you in fact creating a globally unique interface for all the
bridged ones? If there doesn't remain any IP assigned to any interface, why these
separate rules? Can you define specific rules for your specific bridged
interfaces?
Thanks.
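An added example, not code from the original post or from the bridging mini-howto it quotes: a POSIX shell script that generates (prints, does not apply) both kinds of rule and makes the difference between them visible. The names are assumptions: a bridge br0 with ports eth0 and tap0, and an OpenVPN listener on UDP 1194; all are placeholders. Once a tap device is enslaved to the bridge, netfilter's INPUT and FORWARD chains see br0 as the input interface, so "-i tap+" only matches tap devices that are not in the bridge (routed mode). Per-port rules for bridged members use the physdev match instead, which requires the br_netfilter module.

```shell
#!/bin/sh
# Added example (not from the mini-howto or the original post). It generates the
# iptables rules for a bridged OpenVPN host and only PRINTS them; pipe the output
# to sh as root to apply. Assumed names: bridge br0, ports eth0 and tap0, OpenVPN
# listening on UDP 1194 (all placeholders, adjust to the real setup).

# Rules that treat the bridge as a single interface. Once tap0 and eth0 are
# enslaved to br0, the IP layer (INPUT/FORWARD) sees br0 as the input device,
# so these cover traffic arriving through any bridge port.
bridge_rules() {
    br="$1"
    printf 'iptables -A INPUT -i %s -j ACCEPT\n' "$br"
    printf 'iptables -A FORWARD -i %s -j ACCEPT\n' "$br"
}

# Rules for TUN/TAP devices that are NOT enslaved to a bridge (routed mode, or a
# tap that has not been added to br0 yet): here "-i tap+" does match.
unbridged_tunnel_rules() {
    for dev in tun+ tap+; do
        printf 'iptables -A INPUT -i %s -j ACCEPT\n' "$dev"
        printf 'iptables -A FORWARD -i %s -j ACCEPT\n' "$dev"
    done
}

# Per-port rules for interfaces that ARE bridged. "-i tap0" cannot match them,
# but the physdev match exposes the bridge port a frame came in on. This needs
# the br_netfilter module (bridge-nf-call-iptables=1) to be active.
bridged_port_rules() {
    br="$1"; shift
    for port in "$@"; do
        printf 'iptables -A FORWARD -i %s -m physdev --physdev-in %s -j ACCEPT\n' "$br" "$port"
    done
}

# INPUT rule for the OpenVPN listener. The daemon's address lives on br0 (eth0
# carries no IP once bridged), so the packet's input device is br0; restricting
# it to frames that physically entered via eth0 again needs the physdev match.
openvpn_listener_rule() {
    br="$1"; phys="$2"; port="$3"
    printf 'iptables -A INPUT -i %s -m physdev --physdev-in %s -p udp --dport %s -j ACCEPT\n' \
        "$br" "$phys" "$port"
}

# Check (Linux sysfs): an interface is a bridge port iff it has a brport entry.
# Use this to decide whether "-i tapN" or the physdev match is the right tool.
is_bridge_port() {
    [ -e "/sys/class/net/$1/brport" ]
}

# Preview (nothing is applied):
{
    bridge_rules br0
    bridged_port_rules br0 tap0 eth0
    openvpn_listener_rule br0 eth0 1194
    unbridged_tunnel_rules
}
```

Run it as a normal user to review the rule set; `is_bridge_port tap0 && echo bridged` on the actual host tells you which family of rule applies to a given device.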