Bridge Filter
 
I. What is Bridge Filter

Bridge Filter is a patch for the Linux 2.2.x kernel. It adds a new built-in ipchains chain named "bridgein" that you can use to filter packets before they reach the bridge.

The Linux firewall and bridge functions each work well on their own, but there is no way to control exactly which packets get bridged. The main goal of this patch is to provide that capability.

The usual way to set up a firewall is to configure the gateway itself as a firewall. That is not possible if you don't have access to the current gateway, or if the gateway is unable to perform this task.

Another solution is to install a new computer in front of the gateway to filter packets.

If the filter is itself a gateway, every computer on the subnetwork must use the filter's IP address as its gateway. That is easy to set up when there are only a few computers to reconfigure, but on a large subnetwork it is a fairly long task.


To install a filter transparently, it must be a bridge. The Linux built-in bridge works well as a bridge but doesn't provide any filtering function.

The Bridge Filter patch adds a new chain that filters packets before they enter the bridge.


II. Installation

Apply the patch from the top of the kernel source tree with: patch -p0 < linux-2.2.X-brfw.diff

Then configure the kernel as a firewall (to enable packet filtering) and as a bridge. See the existing Bridge+Firewall HOWTO if necessary.

Recompile the kernel and reboot. Enable the bridge and check that it works properly before adding any filtering.

When everything works, configure the bridgein chain. Only ACCEPT and DENY rules have been tested. A MASQ rule doesn't seem to have a meaning in this case (but who knows). REJECT doesn't work.
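The following script is an added example of the last step, populating the bridgein chain with ipchains; it is not part of the patch or the HOWTO. The network addresses, the interface name, and the choice of services are constructed placeholders. It uses only the ACCEPT and DENY targets the text says were tested, and whether the "-i" interface match is honoured in the bridgein chain is an assumption (the page does not say). Without APPLY=1 the script only prints the ipchains commands it would run, so you can review the rule set first.

```shell
#!/bin/sh
# Added example (not from the Bridge Filter patch): load a filtering
# policy into the bridgein chain created by the patch.
# Preconditions (done by hand, per the installation notes):
#   patch -p0 < linux-2.2.X-brfw.diff ; enable firewall + bridge in the
#   kernel config ; recompile ; reboot ; bring the bridge up and test it.

PROTECTED_NET="192.168.1.0/24"   # placeholder: hosts behind the bridge
WEB_SERVER="192.168.1.10"        # placeholder: only host that may receive HTTP
OUTSIDE_IF="eth0"                # placeholder: interface facing the gateway

# run: print the ipchains command unless APPLY=1 is set, then execute it.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        ipchains "$@"
    else
        echo "ipchains $*"
    fi
}

bridgein_rules() {
    # Start from an empty chain whose policy drops everything not listed.
    run -F bridgein
    run -P bridgein DENY

    # Anti-spoofing: a packet claiming an inside source address must not
    # arrive on the outside interface (assumes -i works in bridgein). Log it.
    run -A bridgein -i "$OUTSIDE_IF" -s "$PROTECTED_NET" -j DENY -l

    # Everything that really originates inside may go out.
    run -A bridgein -s "$PROTECTED_NET" -j ACCEPT

    # Inbound HTTP only to the designated web server.
    run -A bridgein -p tcp -d "$WEB_SERVER" 80 -j ACCEPT

    # Replies to connections opened from inside: TCP packets that are
    # not a bare SYN ("! -y"). ipchains keeps no connection state,
    # so this is the usual 2.2-era approximation.
    run -A bridgein -p tcp ! -y -d "$PROTECTED_NET" -j ACCEPT

    # DNS answers coming back from any resolver.
    run -A bridgein -p udp -s 0/0 53 -d "$PROTECTED_NET" -j ACCEPT

    # ICMP needed for working paths: echo-reply, unreachable, time-exceeded.
    for t in 0 3 11; do
        run -A bridgein -p icmp -s 0/0 "$t" -d "$PROTECTED_NET" -j ACCEPT
    done

    # Explicit logged DENY so that rejected traffic shows up in the kernel log
    # (the chain policy alone would drop silently).
    run -A bridgein -d "$PROTECTED_NET" -j DENY -l
}

bridgein_rules
```

After loading with APPLY=1, list the result with "ipchains -L bridgein -n -v" and watch the kernel log for the "-l" hits while generating test traffic from both sides of the bridge; the packet counters on each rule tell you whether bridged traffic is actually being matched where you expect.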