ebtables - sourceforge page - downloads - browse cvs - bridge - netfilter

Free firewall software distributed under GNU General Public License

This is the ebtables homepage. This is also to be the place where the bridge-netfilter code and the arptables userspace tool are maintained.

The ebtables program is a filtering tool for a bridging firewall. The filtering is focussed on the Link Layer Ethernet frame fields. Apart from filtering, it also gives the ability to alter the Ethernet MAC addresses and implement a brouter.
This website is also a reference for the Linux bridge-nf code, which gives Linux the functionality of a bridging IP/IPv6/ARP firewall, by letting iptables/ip6tables/arptables 'see' the bridged IPv4/IPv6/ARP packets.
Both ebtables and bridge-nf are a part of the standard 2.6 kernel. A patch for the 2.4 stable kernel is maintained here, because enough people keep bugging me when Marcelo releases yet another 2.4 kernel.

2007:

September 21, 2007
Released ebtables-v2.0.8-2 which includes 2 bugfixes in ebtables-restore compared to v2.0.8-1.

August 19, 2007
Released the arptables userspace tool version 0.0.3-3, see the download section for obtaining the source file.

May 28, 2007
Released the ebtables userspace tool version 2.0.8-1, see the download section for obtaining the source or rpm file.

2006:

December 18, 2006
Released the ebtables userspace tool version 2.0.8-rc3, see the download section for obtaining the source or rpm file.

• fixed a few reported bugs
• ebt_among --among-dst-file and --among-src-file: allow the list to be given in a file (circumvents command line max. line length)
• ebt_nat --snat-arp: if it's an arp packet, also change the source address in the arp header
• ebt_mark --mark-or, --mark-xor, --mark-and

March 30, 2006
Released the ebtables userspace tool version 2.0.8-rc2, see the download section for obtaining the source or rpm file.
The release includes a few bugfixes, dccp and sctp support and the possibility for compiling static binaries.

2005:

November 13, 2005
Released the ebtables userspace tool version 2.0.8-rc1, see the download section for obtaining the source or rpm file.
The release includes various changes, of which the most important are:

• add sysconfig support (ebtables-save, ebtables-restore, etc)
• add ulog watcher
• use shared libraries (making the code easily usable by third parties)
• improve speed

August 17, 2005
Released ebtables-brnf-10_vs_2.4.31.diff.gz, which contains a backported bugfix for vlan+fragmented packets.

April 19, 2005
Released ebtables-brnf-9_vs_2.4.30.diff.gz, which is just a rediff vs 2.4.30. Also added the small library to the CVS tree (under userspace/libebtc).

April 08, 2005
Jens Götze <ebtables@catch.1in1.de> implemented a small library to submit tables to the kernel. See here.

March 16, 2005
Made a new release of the ebtables/bridge-nf patch versus kernel 2.4.29. This patch contains a fix for an smp bug and reduces the call chain length. Please update your kernel. See ebtables-brnf-9_vs_2.4.29.diff.gz.

2004:

November 26, 2004
There was an error in the log watcher for the ebtables-brnf-8_vs_2.4.28.diff.gz patch, please update your release to ebtables-brnf-8-2_vs_2.4.28.diff.gz.

November 26, 2004
Hmm, I seem to be bad at writing log entries. Anyway, a few things have happened since the last log entry (which dates almost a year ago, I know).
The latest stable 2.4 kernel version is now 2.4.28, and the ebtables-brnf patch for it has been released, you can find it here: ebtables-brnf-8_vs_2.4.28.diff.gz.
Be sure to check out the CVS tree for the ebtables userspace tool. It is quite different from the last ebtables release (version 2.0.6): shared library support, interface wildcard support, the ulog watcher. Before releasing 2.0.7, the interface for shared libraries needs to be stable and a utility that makes use of the shared libraries needs to be written. There are some other things I want to get done too, so the next release is not for the near future. Please use the CVS version.

2003:

December 30, 2003
Added a bridge-nf and arptables FAQ.
Uploaded ebtables-brnf-3-vs-2.4.23 a while ago (this is just a rediff vs 2.4.23).
November 01, 2003
Released ebtables v2.0.6 and ebtables-brnf-3-vs-2.4.22.
October 16, 2003
Released arptables v0.0.3, which auto-detects the kernel version (2.4 or 2.6) and we now have an arptables man page too.
September 16, 2003
Released arptables v0.0.2, which introduces the compile option KERNEL_2_4=y to be able to use arptables on 2.4 systems.
September 10, 2003
Released ebtables + br-nf patch for 2.4.22.
August 13, 2003
Released a few days ago: version 3 of ebtables + br-nf patch for 2.4.21, arptables v0.0.1
Released even longer ago: ebtables 2.0.5
Added detailed IP packet flow picture for the br_fw_ia document (thanks to Joshua Snyder <josh_at_imagestream.com>)
June 25, 2003
Released ebtables + br-nf patch for 2.4.21
June 01, 2003
Released userspace ebtables 2.0.4.
May 14, 2003
Uploaded the redesigned website.
April 01, 2003
Released ebtables-v2.0.3.
March 01, 2003
Moving the ebtables hp to sourceforge, the hp really needs to be redesigned btw.

2002:

December 07, 2002
added patches for 2.4.20 and released ebtables2.0.2.
November 03, 2002
updated the source code section.
November 01, 2002
bridge-nf is in the 2.5.44 kernel!
September 20, 2002
ebtables v2.0 is in the official kernel 2.5.37!
September 19, 2002
Released the first stable ebtables version, 2.0.
September 6, 2002
Added the ebtables hacking HOWTO.
August 31, 2002
Released the second ebtables v2.0 Release Candidate.
July 31, 2002
Released the first ebtables v2.0 Release Candidate.
Heavy testing, trying to outsmart the code, making it do illegal stuff (like smoking joints), pointing out silly mistakes (bad spelling, ..), etc. are appreciated.
July 31, 2002
Added the battlefield examples section. This page wants to contain real setups in which ebtables plays a role.
July 27, 2002
Added the br_fw_ia document. This replaces the "how_it_works" document.
Updated the examples section.
June 2, 2002
There is now a CVS repository for ebtables, see http://sourceforge.net/projects/ebtables
April 27, 2002
Released ebtables v.2.0pre3 and bridge-nf-0.0.7-bds, see the source code section.
April 14, 2002
Released ebtables v.2.0pre2.
April 10, 2002
Important update of the source code page: added an incremental patch to the kernel patch that fixes a big problem on some Linux installation (not on the systems I had access to until recently).
April 6, 2002
Added 2 mailing lists: ebtables-user and ebtables-devel
April 4, 2002
Updated the pages to reflect the current state.
April 3, 2002
Released ebtables v.2.0pre1, see the source code section. Please use this version (or a later release), as ebtables v1.x will become unmaintained and is deprecated.