From owner-freebsd-ipfw@FreeBSD.ORG Sun Mar 15 06:46:14 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 19397106564A for ; Sun, 15 Mar 2009 06:46:14 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outV.internet-mail-service.net (outv.internet-mail-service.net [216.240.47.245]) by mx1.freebsd.org (Postfix) with ESMTP id 0174E8FC0A for ; Sun, 15 Mar 2009 06:46:13 +0000 (UTC) (envelope-from julian@elischer.org) Received: from idiom.com (mx0.idiom.com [216.240.32.160]) by out.internet-mail-service.net (Postfix) with ESMTP id 686587C253; Sat, 14 Mar 2009 23:35:20 -0700 (PDT) X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e Received: from julian-mac.elischer.org (home.elischer.org [216.240.48.38]) by idiom.com (Postfix) with ESMTP id 0E0592D601D; Sat, 14 Mar 2009 23:35:19 -0700 (PDT) Message-ID: <49BCA1AC.7080905@elischer.org> Date: Sat, 14 Mar 2009 23:35:24 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.19 (Macintosh/20081209) MIME-Version: 1.0 To: Olivier Nicole References: <200903150605.n2F653Uw021328@banyan.cs.ait.ac.th> In-Reply-To: <200903150605.n2F653Uw021328@banyan.cs.ait.ac.th> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw amd bridge X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Mar 2009 06:46:14 -0000 Olivier Nicole wrote: > Hi, > > I remember reqading in the past (4.x) that on a machine with bridged > interfaces, only layer 2 rules of ipfw would apply. not quite. there are rules that do not work when called from a layer two point. e.g. divert does not work, nor does 'fwd' (without patches). Rules not specifically labeled "layer2" will still process packets, but rules labeled "not layer2" will not do so. (as expected). note if_bridge and bridge are different and may have behavioral differences in this regard. > > Is this still the case with 6.4, 7.1? > > best regards, > > Olivier > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"