From: Jack Barber (New York Internet Company)
To: freebsd-ipfw@freebsd.org
Date: Mon, 29 Sep 2014 20:21:58 -0400
Message-ID: <5429F7A6.3060701@nyi.net>
Subject: trouble with ipfw on FreeBSD 10

We are having trouble getting ipfw to work over a bridged interface.

For example: machine 1 -> bridged interface (FreeBSD 10) -> machine 2.

    machine 1 - 192.168.20.20
    machine 2 - 192.168.20.25

Now I set something like this in /etc/ipfw.rules:

    $IPFWcmd add deny all from 192.168.20.20/24 to any
    $IPFWcmd add deny all from any to 192.168.20.20/24

where both machine 1 and machine 2 are on said subnet and already work. When I reload the rules, I am unable to stop a connection between machine 1 and machine 2. I've already made sure that ipfw is running (loaded), and the rules appear to take, and even show up with "ipfw show".

    # ipfw show
    ...
    01700 0 0 deny ip from 192.168.20.0/24 to any
    01800 0 0 deny ip from any to 192.168.20.0/24
    65535 9227 11389032 allow ip from any to any

However, there is no effect on data travelling over the pipe at all. This setup was confirmed many times to work with FreeBSD 9.2, but it does not work on 10.

Any help is appreciated.
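An added diagnostic, not part of the original post: the "ipfw show" output quoted above carries packet and byte counters in the second and third columns, and both deny rules sit at 0 while the default rule has counted thousands of packets. That pattern means the bridged frames never reach the rules at all, not that the rules are written wrongly (the /24 on 192.168.20.20 is simply normalised to 192.168.20.0/24, as the output shows). The script below parses a constructed copy of that output and reports deny rules that have never matched; the last function, an assumption drawn from if_bridge(4), reads the net.link.bridge.ipfw sysctl, which must be 1 for bridged traffic to be handed to ipfw, and is only meaningful when run on the firewall host itself.

```shell
#!/bin/sh
# Added example (not from the original post): find ipfw rules whose packet
# counter is still zero in the output of `ipfw show`. A deny rule with a zero
# counter while the connection it should block still works means the traffic
# is bypassing the firewall hooks, which is the symptom to chase first.

# Constructed sample in the exact shape of the output quoted in the post.
SAMPLE_IPFW_SHOW='01700 0 0 deny ip from 192.168.20.0/24 to any
01800 0 0 deny ip from any to 192.168.20.0/24
65535 9227 11389032 allow ip from any to any'

# Print the number of every rule with a packet count of 0, one per line.
# Column layout of `ipfw show`: <rule> <packets> <bytes> <action> ...
unmatched_rules() {
    printf '%s\n' "$1" | awk '$2 == 0 { print $1 }'
}

# Exit 0 if every deny rule has matched at least one packet, 1 if any deny
# rule is still at zero (traffic is not being evaluated by those rules).
deny_rules_hit() {
    printf '%s\n' "$1" | awk 'BEGIN { bad = 0 }
        $4 == "deny" && $2 == 0 { bad = 1 }
        END { exit bad }'
}

# Assumption from if_bridge(4): net.link.bridge.ipfw must be 1 for frames
# crossing an if_bridge member to be passed through ipfw. Returns 0 when the
# sysctl reads 1, 1 otherwise (including when the sysctl is absent, i.e. the
# bridge module is not loaded or this is not a FreeBSD host).
bridge_ipfw_enabled() {
    [ "$(sysctl -n net.link.bridge.ipfw 2>/dev/null)" = "1" ]
}

# On the firewall host, run against live output:
#   unmatched_rules "$(ipfw show)"
#   deny_rules_hit "$(ipfw show)" || echo "deny rules never matched"
#   bridge_ipfw_enabled || echo "net.link.bridge.ipfw is not 1"
```

Run on the firewall itself, the three calls in the trailing comment give a quick separation between "rule never sees the packets" and "rule sees them and fails to match"; the counters are the evidence that survives a rule reload, so re-checking them after each change is cheaper than re-testing the connection by hand.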