---

Linux Journal: Building a Bridging Firewall with Linux

“The Linux kernels v2.2 and higher have support for Ethernet
bridging. In a bridge, all packets received by one interface are
passed to the other, without regard to source or destination IP
address, by examining the Ethernet MAC destination address of the
packet. AC2I, a French company, distributes a kernel patch that
allows the ipchains packet filter to work on the bridged
interfaces. This configuration allows you to set up a firewall
system that is invisible to the Internet, yet provides a high level
of protection and access control for your private network. The
remainder of this article explains the steps necessary to get a
bridging firewall up and running.”

“To perform as an effective firewall and network monitor, a CPU
must be sufficiently fast. The prototype system was built on a
500MHz Celeron processor with 256MB of memory. Tests show the
bridge can keep up with a fully-saturated 10MB/s Ethernet, with no
lost packets. Install two additional Network Interface Cards
(NICs), because you will need two for the bridge and a third for
administering the firewall.”
