From owner-freebsd-ipfw Sun Jun 11 0:28:49 2000 Delivered-To: freebsd-ipfw@freebsd.org Received: from info.iet.unipi.it (info.iet.unipi.it [131.114.9.184]) by hub.freebsd.org (Postfix) with ESMTP id C724237B9D2 for ; Sun, 11 Jun 2000 00:28:44 -0700 (PDT) (envelope-from luigi@info.iet.unipi.it) Received: (from luigi@localhost) by info.iet.unipi.it (8.9.3/8.9.3) id JAA10194; Sun, 11 Jun 2000 09:30:12 +0200 (CEST) (envelope-from luigi) From: Luigi Rizzo Message-Id: <200006110730.JAA10194@info.iet.unipi.it> Subject: Re: ARP Hack for BRIDGE? In-Reply-To: <20000610133741.G1197@dialin-client.earthlink.net> from "Crist J. Clark" at "Jun 10, 2000 01:37:41 pm" To: cjclark@alum.mit.edu Date: Sun, 11 Jun 2000 09:30:12 +0200 (CEST) Cc: freebsd-ipfw@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > I just noticed the following code hiding in the 4.0-STABLE > rc.firewall, > > # If you're using 'options BRIDGE', uncomment the following line to pass ARP > #${fwcmd} add 300 pass udp from 0.0.0.0 2054 to 0.0.0.0 it was ahack to let ARP throgu when you use a closed firewall and net.link.ether.bridge_ipfw=1 i.e. you pass bridged packets through the firewall. i think after recent bridging patches by Archie, you are not able to filter non-ip packets anymore. cheers luigi -----------------------------------+------------------------------------- Luigi RIZZO, luigi@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL/FAX: +39-050-568.533/522 . via Diotisalvi 2, 56126 PISA (Italy) Mobile +39-347-0373137 -----------------------------------+------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message