Date:      Mon, 26 Apr 2004 20:43:39 -0300
From:      "Aristeu Gil Alves Jr" <suporte@wahtec.com.br>
To:        "Freebsd-Stable" <freebsd-stable@freebsd.org>
Subject:   ipfilter/ipfw + bridge + out checking
Message-ID:  <NIBBICFAGEGKPKFMEHOMCEJFCEAA.suporte@wahtec.com.br>

Hi all.

I didn't find any thread discussing it, sorry if I am re-posting the same
subject.
Is there a way to check the ipfilter/ipfw out-flow with bridge? Is it
implemented already?

The case illustrated in most howtos is shown with only two NICs:

 NET-1
  ||
___________
|bridge-fw|
-----------
  ||
 NET-2

It's important for us to use a bridge-fw with three NICs.

 NET-1
  ||
___________
|bridge-fw|== NET-3
-----------
  ||
 NET-2

Without the out packet controlling, a solution with three or more NICs could
lead to an information leak problem. I've heard this checking is not done
due to a performance issue (it's written in ipf-howto), but performance is not
the main goal in this particular situation. I would like to have the
stateful firewall and the bridge _fully_ working together.

If there's anything I can do to contribute, I'll be happy to help.

[]'s
--aristeu


