Ethernet bridging is a way to connect networks together to form a larger network.
The standard for bridging is ANSI/IEEE 802.1d, which can be downloaded from the IEEE Get 802 site.
A bridge is a way to connect two separate network segments together in a protocol independent way.
Packets are forwarded based on Ethernet address, rather than on IP address as a router does.
Since forwarding is done at Layer 2, all protocols can go transparently through a bridge.
A bridge can therefore be used as a packet-filtering firewall without the need to adjust any
network settings on any device in either segment.
Brctl is used to set up the bridge by adding eth interfaces to it.
Ebtables is analogous to iptables, but works on Ethernet frames crossing the bridge. It can also
filter on hardware (MAC) address.
Ebtables sample.
ebtables -P FORWARD DROP
ebtables -A FORWARD -p IPv4 -j ACCEPT
ebtables -A FORWARD -p ARP -j ACCEPT
ebtables -A FORWARD -p LENGTH -j ACCEPT
ebtables -A FORWARD --log-level info --log-ip --log-prefix EBFW

ebtables -P INPUT DROP
ebtables -A INPUT -p IPv4 -j ACCEPT
ebtables -A INPUT -p ARP -j ACCEPT
ebtables -A INPUT -p LENGTH -j ACCEPT
ebtables -A INPUT --log-level info --log-ip --log-prefix EBFW

ebtables -P OUTPUT DROP
ebtables -A OUTPUT -p IPv4 -j ACCEPT
ebtables -A OUTPUT -p ARP -j ACCEPT
ebtables -A OUTPUT -p LENGTH -j ACCEPT
ebtables -A OUTPUT --log-level info --log-ip --log-arp --log-prefix EBFW -j DROP
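An added example, not part of the original page: a simplified Python model of how the FORWARD chain in the sample is evaluated, applied to constructed Ethernet frames. Only the rule lines come from the sample; the parser, the function names and the MAC addresses are assumptions made for illustration.

```python
import struct

# FORWARD chain copied from the sample (INPUT and OUTPUT follow the same pattern).
CHAIN = """\
-P FORWARD DROP
-A FORWARD -p IPv4 -j ACCEPT
-A FORWARD -p ARP -j ACCEPT
-A FORWARD -p LENGTH -j ACCEPT
-A FORWARD --log-level info --log-ip --log-prefix EBFW
"""
ETHERTYPES = {"IPv4": 0x0800, "ARP": 0x0806}  # values as listed in /etc/ethertypes
ETH_P_802_3_MIN = 0x0600  # smaller values are an 802.3 length field, not an EtherType

def parse_chain(text):
    """Return (policy, rules) for one chain; illustrative parser, not ebtables' own."""
    policy, rules = "ACCEPT", []  # built-in chains are ACCEPT until -P changes them
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        if tok[0] == "-P":
            policy = tok[2]
            continue
        opt = lambda flag: tok[tok.index(flag) + 1] if flag in tok else None
        rules.append({"proto": opt("-p"), "target": opt("-j"), "log": "--log-prefix" in tok})
    return policy, rules

def matches(proto, ethertype):
    if proto == "LENGTH":  # 802.3 frames: the type field carries a length
        return ethertype < ETH_P_802_3_MIN
    return proto is None or ethertype == ETHERTYPES[proto]  # no -p matches every frame

def verdict(frame, policy, rules):
    """First matching rule with a target decides; a rule without -j only logs and continues."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    logged = False
    for rule in rules:
        if matches(rule["proto"], ethertype):
            logged = logged or rule["log"]
            if rule["target"]:
                return rule["target"], logged
    return policy, logged

def make_frame(ethertype):
    """Constructed test frame: made-up locally administered MACs and a zero payload."""
    dst, src = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", ethertype) + bytes(46)
```

For an IPv6 frame (EtherType 0x86DD), `verdict` returns `("DROP", True)`: the sample passes only IPv4, ARP and 802.3 frames, so any other protocol between the two segments is logged and stopped at the bridge.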