From owner-freebsd-net Wed May 29 8:42:42 2002 Delivered-To: freebsd-net@freebsd.org Received: from iguana.icir.org (iguana.icir.org [192.150.187.36]) by hub.freebsd.org (Postfix) with ESMTP id 7D8EA37B405 for ; Wed, 29 May 2002 08:42:34 -0700 (PDT) Received: (from rizzo@localhost) by iguana.icir.org (8.11.6/8.11.3) id g4TFgRU21425; Wed, 29 May 2002 08:42:27 -0700 (PDT) (envelope-from rizzo) Date: Wed, 29 May 2002 08:42:27 -0700 From: Luigi Rizzo To: "Albuquerque, Marcelo M" Cc: "'freebsd-net@freeBSD.ORG'" Subject: Re: Does "xmit" work with ipfw dummynet? Message-ID: <20020529084227.A21332@iguana.icir.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: ; from marcelo.m.albuquerque@boeing.com on Wed, May 29, 2002 at 08:40:36AM -0700 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, May 29, 2002 at 08:40:36AM -0700, Albuquerque, Marcelo M wrote: > dummynet is not behaving as expected, and I'm wondering whether the command > is compatible with bridging mode (freebsd 4.5): xmit cannot match on bridged packets luigi > > Here is the setup: > > ___________________ > | | > 192.168.1.1 --- |FreeBSD 4.5 Bridge | --- 192.168.1.2 > |___________________| > | > | > 192.168.1.3 > > > This works: > ipfw add 100 deny ip from any to any in recv fxp0 > > This doesn't: > ipfw add 100 deny ip from any to any out xmit fxp1 > > What I really want, but fear is not supported, is: > ipfw add 100 deny ip from any to any out recv fxp0 xmit fxp1 > > That is, I want to block traffic coming in from fxp0 and going out > fxp1, in bridged mode. > > Anyone know if this is possible? > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message