What is ebtables?

The ebtables program is a filtering tool for a Linux-based bridging firewall. It enables transparent filtering of network traffic passing through a Linux bridge. The filtering possibilities are limited to link layer filtering and some basic filtering on higher network layers. Advanced logging, MAC DNAT/SNAT and brouter facilities are also included.

The ebtables tool can be combined with the other Linux filtering tools (iptables, ip6tables and arptables) to make a bridging firewall that is also capable of filtering these higher network layers. This is enabled through the bridge-netfilter architecture, which is a part of the standard Linux kernel.

About this website

This website hosts the information related to the ebtables firewall tool.

This is also a reference for the Linux bridge-netfilter code. The bridge-netfilter code gives a Linux bridge the functionality of a bridging IP/IPv6/ARP firewall by letting iptables, ip6tables and arptables process bridged IPv4, IPv6 and ARP packets. Such packets encapsulated inside a VLAN or PPPoE header can also be filtered. Transparent IP NAT is also possible.

The arptables filtering tool is also maintained here.

Ebtables, arptables and bridge-netfilter are a part of the standard 2.6 kernel and are enabled by default by most Linux distributions.

All code featured on this website is maintained by Bart De Schuymer. Visit Art in Algorithms for more details about his work as a freelance software consultant.