Revision cf51ea5b README
| b/README | ||
|---|---|---|
| 32 | 32 |
Single bridge setup. Private IPs. Masquerade: |
| 33 | 33 |
|
| 34 | 34 |
For security and not being able to change ip-mac-tap key: |
| 35 |
# ebtables -t filter -D INPUT -i tap0 -j TAP0 |
|
| 36 |
# ebtables -t filter -D FORWARD -i tap0 -j TAP0 |
|
| 37 |
# ebtables -t filter -X TAP0 |
|
| 38 |
# ebtables -t filter -N TAP0 |
|
| 39 |
# ebtables -t filter -A TAP0 --ip-source \! 192.168.100.2 -p ipv4 -j DROP |
|
| 40 |
# ebtables -t filter -A TAP0 -s \! aa:00:00:8c:d3:a4 -j DROP |
|
| 41 |
# ebtables -t filter -A INPUT -i tap0 -j TAP0 (for masquerading) |
|
| 42 |
# ebtables -t filter -A FORWARD -i tap0 -j TAP0 (for private lans) |
|
| 43 |
|
|
| 35 |
# ebtables -N FROMTAP0 |
|
| 36 |
# ebtables -A FROMTAP0 --ip-source \! 192.168.100.2 -p ipv4 -j DROP |
|
| 37 |
# ebtables -A FROMTAP0 -s \! aa:00:00:8c:d3:a4 -j DROP |
|
| 38 |
# ebtables -A INPUT -i tap0 -j FROMTAP0 (for masquerading) |
|
| 39 |
# ebtables -A FORWARD -i tap0 -j FROMTAP0 (for private lans) |
|
| 40 |
# ebtables -N TOTAP0 |
|
| 41 |
# ebtables -A FORWARD -o tap0 -j TOTAP0 |
|
| 42 |
# ebtables -A OUTPUT -o tap0 -j TOTAP0 |
|
| 43 |
# ebtables -A TOTAP0 -s 6e:10:e1:a0:c3:0f -j ACCEPT (from gateway) |
|
| 44 |
# ebtables -A TOTAP0 -s \! aa:0:0:8c:d3:a4/ff:ff:ff:ff:0:0 -j DROP |
|
| 44 | 45 |
|
| 45 | 46 |
|
| 46 | 47 |
Private LANs: |
Also available in: Unified diff