Setup guide
protocol name/number
• all - match all the IP protocols
action (accept | drop | passthrough; default: accept) - action to undertake if the packet matches the
rule:
• accept - accept the packet. No further action is taken, i.e., the packet is passed through as-is
and no more rules are processed
• drop - silently drop the packet (without sending the ICMP reject message)
• passthrough - ignore this rule. Acts the same way as a disabled rule, except for the ability to
count packets
Drop broadcast packets
[admin@Wandy] interface bridge firewall> add mac-dst-address=FF:FF:FF:FF:FF:FF action=drop
[admin@Wandy] interface bridge firewall> print
Flags: X - disabled, I - invalid
0 mac-src-address=00:00:00:00:00:00 in-interface=all
mac-dst-address=FF:FF:FF:FF:FF:FF out-interface=all mac-protocol=all
src-address=0.0.0.0/0 dst-address=0.0.0.0/0 protocol=all action=drop
[admin@Wandy] interface bridge firewall>
Drop IP, ARP and RARP
To make a brouter (a router that routes routable protocols, IP in our case, and bridges unroutable
ones), make a rule that drops IP, ARP, and RARP traffic. These protocols should be disabled in the
bridge firewall, not in forwarded protocols, because otherwise the router itself would not be able
to receive IP packets and thus could not provide routing.
To make the bridge drop IP, ARP and RARP packets:
[admin@Wandy] interface bridge firewall> add mac-protocol=2048 action=drop
[admin@Wandy] interface bridge firewall> add mac-protocol=2054 action=drop
[admin@Wandy] interface bridge firewall> add mac-protocol=32821 action=drop
[admin@Wandy] interface bridge firewall> print
Flags: X - disabled, I - invalid
0 mac-src-address=00:00:00:00:00:00 in-interface=all
mac-dst-address=00:00:00:00:00:00 out-interface=all mac-protocol=2048
src-address=0.0.0.0/0 dst-address=0.0.0.0/0 protocol=all action=drop
1 mac-src-address=00:00:00:00:00:00 in-interface=all
mac-dst-address=00:00:00:00:00:00 out-interface=all mac-protocol=2054
src-address=0.0.0.0/0 dst-address=0.0.0.0/0 protocol=all action=drop
2 mac-src-address=00:00:00:00:00:00 in-interface=all
mac-dst-address=00:00:00:00:00:00 out-interface=all mac-protocol=32821
src-address=0.0.0.0/0 dst-address=0.0.0.0/0 protocol=all action=drop
[admin@Wandy] interface bridge firewall>
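The following is an added example, not part of the Wandy guide: a small Python model of how the bridge firewall walks its rule list over raw Ethernet frames, showing the accept / drop / passthrough semantics described above together with the brouter rule set (EtherTypes 2048, 2054 and 32821). The frames and the passthrough counting rule are constructed for illustration.

```python
# Added example (not from the Wandy guide): model the bridge firewall's rule
# evaluation over Ethernet frames, including the brouter rules from the text.
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

BROADCAST = bytes.fromhex("ffffffffffff")

@dataclass
class Rule:
    action: str                         # "accept", "drop" or "passthrough"
    mac_protocol: Optional[int] = None  # EtherType to match; None means "all"
    mac_dst: Optional[bytes] = None     # destination MAC; None means any
    count: int = 0                      # frames that matched this rule

def parse_ethernet(frame: bytes) -> Tuple[bytes, int]:
    """Return (destination MAC, EtherType) from an Ethernet II header."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a 14-byte Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    return frame[0:6], ethertype

def bridge_filter(rules: List[Rule], frame: bytes) -> str:
    """Walk the rules in order: the first matching accept/drop decides,
    passthrough only counts and continues, no match means the frame is bridged."""
    dst, ethertype = parse_ethernet(frame)
    for rule in rules:
        if rule.mac_protocol is not None and rule.mac_protocol != ethertype:
            continue
        if rule.mac_dst is not None and rule.mac_dst != dst:
            continue
        rule.count += 1
        if rule.action == "passthrough":
            continue                    # behaves like a disabled rule, except counting
        return rule.action
    return "accept"

def make_frame(dst_hex: str, ethertype: int) -> bytes:
    """Constructed frame: dst MAC, a fixed src MAC, EtherType, dummy payload."""
    src = bytes.fromhex("020000000001")
    return bytes.fromhex(dst_hex) + src + struct.pack("!H", ethertype) + b"\0" * 4

def brouter_rules() -> List[Rule]:
    """Rule set from the guide (drop IP 2048, ARP 2054, RARP 32821), preceded
    by a constructed passthrough rule that only counts broadcast frames."""
    return [Rule("passthrough", mac_dst=BROADCAST),
            Rule("drop", mac_protocol=2048),
            Rule("drop", mac_protocol=2054),
            Rule("drop", mac_protocol=32821)]
```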
Application Example
Example
Assume we want to enable bridging between two Ethernet LAN segments and have the Wandy
router be the default gateway for them:
When configuring the Wandy router for bridging you should do the following:
1. Add a bridge interface