Tauno Voipio wrote:
> Yes - a bridge connects the link-level network segments,
> and they are set up in the same IP-level subnet.
>
> The bridging firewall functions are not as extensive as
> the corresponding routing firewall (iptables) fucntions.
> I'd still seriously consider using a routing configuration,
> and changing the subnets to match.
>

You could also use iptables on top of bridge

on FORWARD CHAIN

but no nat

netfilter on top bridge is supported by standard kernel since 3 or 4 years

http://www.spenneberg.com/talks/linu...bridgewall.pdf

we use this on devil-linux since January 2003

http://www.devil-linux.org/