ebtables

ebtables - sourceforge page - downloads - browse cvs - bridge - netfilter

Free firewall software distributed under GNU General Public License

Start

About

Downloads

Documentation

Examples

Contact

Latest release:

Releases:

The latest stable userspace release is version 2.0.8-2, released on September 21, 2007. The source code can be obtained here, the binary rpm package for i386 architectures can be obtained here.
A small library for delivering ebtables tables to the kernel is available here. It was written by Jens Götze <ebtables@catch.1in1.de>. You can also find it in the CVS.
The kernel patches for 2.4 combine both ebtables and bridge-nf. The latest patch version should be preferred as older patches might contain bugs fixed in later releases.
For kernel 2.4.31: ebtables-brnf-11-2_vs_2.4.31.diff.gz and ebtables-brnf-10_vs_2.4.31.diff.gz.
For kernel 2.4.21: ebtables-brnf-10_vs_2.4.21.diff.gz.
For kernel 2.4.30 (courtesy of Daggrass <jgkc_at_163_dot_com>): ebtables-brnf-9_vs_2.4.30.diff.gz.
For kernel 2.4.29: ebtables-brnf-9_vs_2.4.29.diff.gz.
For kernel 2.4.28: ebtables-brnf-8-3_vs_2.4.28.diff.gz.
For kernel 2.4.27: ebtables-brnf-7_vs_2.4.27.diff.gz.
Patching is done by going to the Linux kernel directory (cd /usr/src/linux-2.4.28) and executing patch -p1 <patch_file.

The latest arptables release is version 0.0.3-3.

Configuring the kernel:

Kernel version 2.4:
With make menuconfig (or whatever kernel configuration tool you are using) go to 'networking options'.
Check 'Network packet filtering (replaces ipchains)'.
Go to the bottom and check '802.1d Ethernet Bridging'. Then under this option the option 'Bridge: ebtables' will appear. Check this too. Under the 'Bridge: ebtables' option, other options will appear which you should check if you want them. See the ebtables man page for an explanation about these.
The bridge-nf functionality is compiled automatically in the kernel when netfilter support and the bridge code is enabled, so there is no kernel option that needs to be checked.
Kernel version 2.6:
With make menuconfig (or whatever) go to 'Device drivers->Networking support->Networking options'.
Go to the bottom and check '802.1d Ethernet Bridging'.
Check 'Network packet filtering (replaces ipchains)' and move into this directory.
On a standard configuration iptables and arptables will see bridged traffic. If you don't want them to see bridged traffic, disable 'Bridged IP/ARP packets filtering'.
Go to 'Bridge: Netfilter configuration' and enable the ebtables modules you want, for an explanation of what the modules do, see the help dialog inside the configuration tool or the ebtables man page.

Compiling and installing the userspace tool ebtables:

If you download the latest release, the steps are simple:

tar -xzf ebtables-v2.0.6.tar.gz
cd ebtables-v2.0.6
make

The above compiles the ebtables source. To install the tool, do the following (you need to be root for this).

make install

If you use the CVS version, you will need to specify the directory that contains the header files. You can use the directory in the CVS (see below) or the include directory from a recent 2.6 kernel.

make install KERNEL_INCLUDES=<dir>/ebtables2/kernel/linux2.5/include/

There are some compile time options to specify the destination directories: LIBDIR, MANDIR, BINDIR, ETCDIR, ETHERTYPESPATH and DESTDIR. LIBDIR denotes the directory where to put the shared libraries and defaults to /usr/lib. MANDIR denotes the directory where to put the man page and defaults to /usr/local/man (the /man8 subdirectory should not be specified). BINDIR denotes the directory where to put the ebtables executable and defaults to /usr/sbin (or /sbin in earlier versions of ebtables). ETCDIR denotes the etc directory (defaults to /etc) and ETHERTYPESPATH denotes the directory where to put the ethertypes file, which contains the assigned Ethernet protocol names (defaults to ETCDIR). The DESTDIR denotes the base directory, by default it is not set. If set, all files will be copied to places relative to DESTDIR instead of / (the root directory).

CVS repository:

To obtain a local copy of the CVS repository, first execute the following command. When prompted for a password, just hit the Enter key.

cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ebtables login

To get a local copy of the ebtables userspace code, execute

cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ebtables co ebtables2/userspace/ebtables2

To get a local copy of the arptables userspace code, execute

cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ebtables co ebtables2/userspace/arptables

The 2.4 and 2.6 kernel source files in the CVS are not necessarily up-to-date. They are mostly used to store new modules/updates that aren't in the kernel yet. To get a local copy of the maintained 2.6 kernel source files, execute

cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ebtables co ebtables2/kernel/linux2.5

To get a local copy of the full repository, execute

cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ebtables co ebtables2

The CVS repository can be browsed here.

Last modified: Friday, 21-Sep-2007 10:42:07 PDT.