Revision cf51ea5b README
b/README | ||
---|---|---|
32 | 32 |
Single bridge setup. Private IPs. Masquerade: |
33 | 33 |
|
34 | 34 |
For security and not being able to change ip-mac-tap key: |
35 |
# ebtables -t filter -D INPUT -i tap0 -j TAP0 |
|
36 |
# ebtables -t filter -D FORWARD -i tap0 -j TAP0 |
|
37 |
# ebtables -t filter -X TAP0 |
|
38 |
# ebtables -t filter -N TAP0 |
|
39 |
# ebtables -t filter -A TAP0 --ip-source \! 192.168.100.2 -p ipv4 -j DROP |
|
40 |
# ebtables -t filter -A TAP0 -s \! aa:00:00:8c:d3:a4 -j DROP |
|
41 |
# ebtables -t filter -A INPUT -i tap0 -j TAP0 (for masquerading) |
|
42 |
# ebtables -t filter -A FORWARD -i tap0 -j TAP0 (for private lans) |
|
43 |
|
|
35 |
# ebtables -N FROMTAP0 |
|
36 |
# ebtables -A FROMTAP0 --ip-source \! 192.168.100.2 -p ipv4 -j DROP |
|
37 |
# ebtables -A FROMTAP0 -s \! aa:00:00:8c:d3:a4 -j DROP |
|
38 |
# ebtables -A INPUT -i tap0 -j FROMTAP0 (for masquerading) |
|
39 |
# ebtables -A FORWARD -i tap0 -j FROMTAP0 (for private lans) |
|
40 |
# ebtables -N TOTAP0 |
|
41 |
# ebtables -A FORWARD -o tap0 -j TOTAP0 |
|
42 |
# ebtables -A OUTPUT -o tap0 -j TOTAP0 |
|
43 |
# ebtables -A TOTAP0 -s 6e:10:e1:a0:c3:0f -j ACCEPT (from gateway) |
|
44 |
# ebtables -A TOTAP0 -s \! aa:0:0:8c:d3:a4/ff:ff:ff:ff:0:0 -j DROP |
|
44 | 45 |
|
45 | 46 |
|
46 | 47 |
Private LANs: |
Also available in: Unified diff