What is ebtables?

The ebtables program is a filtering tool for a Linux-based bridging firewall. It enables transparent filtering of network traffic passing through a Linux bridge. The filtering possibilities are limited to link layer filtering and some basic filtering on higher network layers. Advanced logging, MAC DNAT/SNAT and brouter facilities are also included.

The ebtables tool can be combined with the other Linux filtering tools (iptables, ip6tables and arptables) to make a bridging firewall that is also capable of filtering these higher network layers. This is enabled through the bridge-netfilter architecture which is a part of the standard Linux kernel.

The ebtables and arptables codebase is maintained by the netfilter developers, who were so kind to take over maintenance of the software. This website is kept mainly as a documentation reference.

About this website

This website hosts the information related to the ebtables firewall tool.

This is also a reference for the Linux bridge-netfilter code. The bridge-netfilter code gives a Linux bridge the functionality of a bridging IP/IPv6/ARP firewall, by letting iptables, ip6tables and arptables process bridged IPv4, IPv6 and ARP packets. Such packets encapsulated inside a vlan or pppoe header can also be filtered. Transparent IP NAT is also possible.