From: Christian Hiris <4711@chello.at>
To: freebsd-questions@freebsd.org
Cc: ipfw@freebsd.org, Supote Leelasupphakorn
Date: Mon, 24 May 2004 22:58:52 +0200
Subject: Re: What's the "bridged" option in ipfw's man page ?

On Monday 24 May 2004 13:04, Supote Leelasupphakorn wrote:
> Hi... lists,
>
> I've read the "ipfw" man page, and in the "RULE OPTION"
> there is a "bridged" option. I'm currently setting up a
> bridge-based firewall, so my question is: what are bridged
> packets, and how much can I take advantage of this option?
>
> TIA,
> pjn

The rule option "bridged" is used as an alias for "layer2" by the ipfw
command.

Some interesting points are written in "PACKET FLOW" in man ipfw and "BUGS" in
man bridge.

Examples of how the layer2 rule option could be used (I have not tested them;
you can find some more on Google):

  ${fwcmd} add pass layer2 mac-type arp     // allow arp
  ${fwcmd} add skipto 20000 layer2          // goto rules for bridged packets
  ${fwcmd} add [...]                        // rules for non-bridged packets
  ${fwcmd} add deny all from any to any     // end of rules for non-bridged packets
  ${fwcmd} add 20000 [...]                  // rules for bridged packets

regards
ch
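
An added example, not part of the original message and not ipfw code: a simplified Python model of ipfw's first-match evaluation, showing how the skipto layout in the reply keeps the bridged and non-bridged rule sets separate. The rule numbers, the two port rules standing in for "[...]", the packet fields and the default-deny rule 65535 are assumptions made for illustration.

```python
# Simplified model of ipfw first-match evaluation (illustrative, not ipfw itself).
from dataclasses import dataclass
from typing import Callable

@dataclass
class Packet:
    layer2: bool            # True when seen on the bridged/ethernet path
    mac_type: str = "ip"    # ethertype name, meaningful only for layer2 packets
    dport: int = 0          # TCP destination port (constructed sample field)

@dataclass
class Rule:
    num: int
    action: str             # "pass", "deny" or "skipto"
    match: Callable[[Packet], bool]
    target: int = 0         # rule number to jump to, for skipto only

# Rule numbers and the two port rules replacing "[...]" are assumptions.
RULES = [
    Rule(100, "pass", lambda p: p.layer2 and p.mac_type == "arp"),
    Rule(200, "skipto", lambda p: p.layer2, target=20000),
    Rule(300, "pass", lambda p: p.dport == 22),       # non-bridged placeholder
    Rule(19999, "deny", lambda p: True),              # end of non-bridged rules
    Rule(20000, "pass", lambda p: p.dport == 80),     # bridged placeholder
    Rule(65535, "deny", lambda p: True),              # assumed default-deny rule
]

def evaluate(pkt: Packet, rules=RULES):
    """Return (action, rule number) of the first terminating rule that matches."""
    start = 0
    for rule in sorted(rules, key=lambda r: r.num):
        if rule.num < start or not rule.match(pkt):
            continue
        if rule.action == "skipto":
            start = rule.target     # resume at the first rule numbered >= target
            continue
        return rule.action, rule.num
    raise RuntimeError("no terminating rule matched")

if __name__ == "__main__":
    # Constructed sample packets covering both paths through the rule set.
    samples = {
        "bridged ARP": Packet(True, "arp"),
        "bridged TCP/80": Packet(True, "ip", 80),
        "bridged TCP/22": Packet(True, "ip", 22),
        "routed TCP/22": Packet(False, "ip", 22),
        "routed TCP/80": Packet(False, "ip", 80),
    }
    for name, pkt in samples.items():
        print(f"{name:15} -> {evaluate(pkt)}")
```

In this model a port allowed only in the non-bridged block is still denied for bridged packets, and the reverse, because the deny at the end of the non-bridged block stops evaluation before rule 20000.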