We have given an overview of the OpenBSD bridge implementation, with
our extensions for Layer-2 and Layer-3 filtering (at the
Ethernet and IP layers, respectively). For the latter, we used the
existing kernel packet filter mechanism, ipf. We further
presented our integration of bridging with IPsec to provide "virtual
LAN" functionality, "bump-in-the-wire" support, and a transparent
security policy enforcement box. This last configuration is shown to
offer significant flexibility to network administrators, as it can be
used in various modes of operation to protect traffic as well as
hosts and networks. Finally, we discussed the current
implementation status and our plans for future work.
Angelos D. Keromytis
4/21/2000