Chapter 11. Layer 2/Inline Filtering

In addition to the Layer 3 (IP) and Layer 4 (TCP/UDP) filtering capabilities described in the preceding chapters, iptables/netfilter can also filter traffic at Layer 2. This is especially useful when you are building an inline transparent firewall, when you want an IDS that can respond to attacks, when you need to filter in a bridging environment, or when you want to add MAC address filter rules on wireless networks.

Bridging, simply put, is a method of joining two or more separate Ethernet networks together. From the perspective of the users on either side of the bridge, they are on the same network. This is because bridging happens ...
