Chapter 4. Bridging: The theory

A bridge is a device that forwards traffic between two network segments. In very loose terms it can be thought of as similar to an ordinary hardware switch. Bridges are "intelligent": they learn which addresses are reachable through which of their ports and therefore do not simply repeat traffic to every connected device. The bridge is transparent, however, which means it won't appear in traceroute output.

When we first create a bridge in Linux it isn't connected to anything. By adding devices we effectively plug them into the ports of the bridge, and they become part of it.
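To make the learning behaviour concrete, here is an added Python simulation of a transparent learning bridge (example code written for this chapter, not the kernel's bridge implementation); the port names and MAC addresses are constructed for the demonstration.

```python
# Added example: a minimal simulation of a transparent learning bridge,
# illustrating the forwarding decisions described in the text. Port names
# and MAC addresses below are constructed for the demonstration.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    """Forwards Ethernet frames between ports, learning MAC-to-port mappings."""

    def __init__(self, ports):
        self.ports = list(ports)   # the interfaces "plugged into" the bridge
        self.fdb = {}              # forwarding database: source MAC -> port

    def receive(self, ingress, src_mac, dst_mac):
        """Return the list of ports the frame is sent out of.

        Only the layer 2 header is consulted; any IP packet carried inside
        the frame is never inspected, which is why the decision is purely
        MAC based.
        """
        # Learn: the sender is reachable through the port the frame came in on.
        self.fdb[src_mac] = ingress
        # Broadcast or a destination never seen yet: flood every other port.
        if dst_mac == BROADCAST or dst_mac not in self.fdb:
            return [p for p in self.ports if p != ingress]
        egress = self.fdb[dst_mac]
        # Destination sits on the same segment the frame arrived from: a plain
        # repeater would copy it everywhere, a bridge simply drops it.
        if egress == ingress:
            return []
        return [egress]


def demo():
    """Walk a few frames through a three-port bridge and record the decisions."""
    br = LearningBridge(["eth0", "eth1", "eth2"])
    a, b, c, d = ("02:00:00:00:00:0a", "02:00:00:00:00:0b",
                  "02:00:00:00:00:0c", "02:00:00:00:00:0d")
    steps = []
    # A (on eth0) talks to B before B is known: the frame is flooded.
    steps.append(br.receive("eth0", a, b))          # ['eth1', 'eth2']
    # B answers from eth1: A is already known, so only eth0 gets the reply.
    steps.append(br.receive("eth1", b, a))          # ['eth0']
    # A sends again: B has now been learned on eth1.
    steps.append(br.receive("eth0", a, b))          # ['eth1']
    # C shares eth1's segment with B: the bridge does not repeat local traffic.
    steps.append(br.receive("eth1", c, b))          # []
    # Broadcast from D on eth2 is always flooded, whatever has been learned.
    steps.append(br.receive("eth2", d, BROADCAST))  # ['eth0', 'eth1']
    return steps
```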

Note

An important distinction to make is that the bridge makes its decisions based on the MAC address and not the IP address, since it is a layer 2 device. In the 2.4 kernel the bridging code runs before the iptables hooks, so bridging happens before packets go through filtering. This means that we can't use all of the features of iptables with our bridge. One solution for this is "ebtables"; more information and a good diagram of how packets traverse the kernel are available on the ebtables website. For 2.6 kernels this has changed, and filtering should be possible using iptables.