Bridge Filter is a patch to apply to linux kernel 2.2.x (developped under linux 2.2.5 kernel and successfully applied on linux 2.2.9 kernel). This patch creates a new built-in chain named bridgein you can use to filter packets before the bridge.

Basically, linux firewall and bridge functions work well but you can't filter exactly which packets are bridged. The main goal of this patch is to allow this capability.

Let's assume you have the following network configuration:

A commonly encountered method to setup a firewall is to configure properly the gateway as a firewall. This case is not possible if you don't have access to the current gateway or if the gateway is unable to perform this task.

Another solution is to install a new computer before the gateway which filters packets.

• If the filter is a gateway, all the computers of the subnetwork should use the filter IP has their gateway. It is easy to setup if there is only few computers to reconfigure but for a wide subnetwork, it is a fairly long tasks (especially for windoz computers).

• To transparently install a filter, it should be a bridge. Linux built-in bridge works well as a bridge but doesn't provide any filtering function.

Bridge Filter patch adds a new chain used to filter packets before they enter into the bridge.