[Snort-users] One question

Matt Kettler mkettler at ...4108...
Thu Dec 19 09:00:02 EST 2002

No, not a bridge, a router. However I suspect what you are calling a 
"bridge" is really a router anyway.

A bridge is a simple Ethernet layer device that bridges 2 Ethernet segments 
(i.e., a switch with only 2 ports is a bridge); a router is an IP layer 
device with multiple interfaces that routes IP packets between them. The 
significant difference here is that some non-IP things like ARP don't 
generally pass through a router (although they might be proxied by it), but 
any type of Ethernet packet can go through a bridge, provided the MAC 
addresses dictate it is headed to the other side.

Since hogwash relies on IPTables for filtering, that filtering is IP layer, 
and thus must happen on a system which routes at an IP layer. It can't merely 
be an Ethernet layer bridge.

At 12:11 PM 12/19/2002 +0100, Carmelo Zubeldia wrote:
>Hi all,
>Run hogwash in a Bridge?

