Can Erkin Acar wrote:
Joaquin Fernandez Piqueras wrote:
The problem is that the bridge doesn't filter anything. I tried to put
rules that block everything but only filter administration interfaces.
The traffic still goes through the bridge.
Are you perhaps using VLANs on the network you are bridging?
Yes
Are you bridging the ports marked as trunk on the switches?
Yes
If so, either do not use a trunk port on the switch
or define the respective VLANs on the firewall and use the vlan(4)
interfaces for bridging.
My router is encapsulating all traffic through a Vlan.
Also look at the "blocknonip" option of bridge(4)
The "blocknonip" option also blocks OSPF traffic between routers and
then the router looks for a new route without crossing the firewall.
Can
Finally you gave me the solution (thanks Can).
I have created 2 Vlans, each associated to a different interface but the
same "vlan tag". Next, I have configured the bridge to use the vlans.
And the firewall now filters perfectly.
Thanks again,
Quimi
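
The frame-level reason behind the fix in this thread, as an added example that is not part of the original messages: on a trunk port every frame carries an 802.1Q tag, so its outer EtherType is 0x8100 rather than an IP type, and only after a VLAN interface strips the tag does the IP header become visible. The classifier functions, the VLAN ID 10 and the sample frame are constructed for illustration; the "IP-like" set is an assumption modelled on what bridge(4) documents for "blocknonip" (IPv4, IPv6, ARP, RARP).

```python
import struct

ETH_IPV4, ETH_ARP, ETH_RARP, ETH_IPV6 = 0x0800, 0x0806, 0x8035, 0x86DD
ETH_VLAN = 0x8100  # 802.1Q tag protocol identifier
# Assumption: the EtherTypes an IP-only filter accepts.
IP_LIKE = {ETH_IPV4, ETH_ARP, ETH_RARP, ETH_IPV6}


def parse_frame(frame: bytes) -> dict:
    """Return outer EtherType, VLAN IDs found, inner EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    outer = struct.unpack_from("!H", frame, 12)[0]
    ethertype, offset, vlans = outer, 14, []
    while ethertype == ETH_VLAN:  # also walks stacked tags
        if len(frame) < offset + 4:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset)
        vlans.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return {"outer": outer, "vlans": vlans, "inner": ethertype,
            "payload": frame[offset:]}


def seen_as_ip_on_trunk(frame: bytes) -> bool:
    """Decision of a filter that looks only at the outer EtherType."""
    return parse_frame(frame)["outer"] in IP_LIKE


def seen_as_ip_on_vlan_if(frame: bytes, vlan_id: int) -> bool:
    """Decision once a VLAN interface for vlan_id has removed the tag."""
    info = parse_frame(frame)
    return info["vlans"][:1] == [vlan_id] and info["inner"] in IP_LIKE


def sample_tagged_ospf(vlan_id: int = 10) -> bytes:
    """Constructed frame: OSPF (IP protocol 89) inside one 802.1Q tag."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 1, 89, 0,  # checksum left 0
                     bytes([192, 0, 2, 1]), bytes([224, 0, 0, 5]))
    macs = bytes.fromhex("01005e000005") + bytes.fromhex("00005e005301")
    return macs + struct.pack("!HHH", ETH_VLAN, vlan_id, ETH_IPV4) + ip


if __name__ == "__main__":
    frame = sample_tagged_ospf()
    print("trunk member sees IP:", seen_as_ip_on_trunk(frame))
    print("vlan 10 member sees IP:", seen_as_ip_on_vlan_if(frame, 10))
```

The same tagged OSPF frame counts as non-IP when judged by its outer EtherType and as IPv4 once the VLAN 10 tag is removed, which matches both the unfiltered traffic and the "blocknonip" side effect reported above.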