From owner-freebsd-net Wed May 29 9:36:11 2002 Delivered-To: freebsd-net@freebsd.org Received: from blv-smtpout-01.boeing.com (blv-smtpout-01.boeing.com [192.161.36.5]) by hub.freebsd.org (Postfix) with ESMTP id AD2DA37B40D for ; Wed, 29 May 2002 09:35:43 -0700 (PDT) Received: from blv-av-02.boeing.com ([192.54.3.92]) by blv-smtpout-01.boeing.com (8.9.2/8.8.5-M2) with ESMTP id JAA06969; Wed, 29 May 2002 09:33:18 -0700 (PDT) Received: from blv-hub-01.boeing.com (localhost [127.0.0.1]) by blv-av-02.boeing.com (8.9.3/8.9.2/MBS-AV-01) with ESMTP id JAA14820; Wed, 29 May 2002 09:35:42 -0700 (PDT) Received: from xch-nwbh-02.nw.nos.boeing.com (xch-nwbh-02.nw.nos.boeing.com [192.54.12.28]) by blv-hub-01.boeing.com (8.11.3/8.11.3/MBS-LDAP-01) with ESMTP id g4TGZfH28532; Wed, 29 May 2002 09:35:41 -0700 (PDT) Received: by xch-nwbh-02.nw.nos.boeing.com with Internet Mail Service (5.5.2650.21) id ; Wed, 29 May 2002 09:35:17 -0700 Message-ID: From: "Albuquerque, Marcelo M" To: "'Luigi Rizzo'" Cc: "'freebsd-net@freeBSD.ORG'" Subject: RE: Does "xmit" work with ipfw dummynet? Date: Wed, 29 May 2002 09:35:12 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Thanks Luigi. > xmit cannot match on bridged packets Is it a hard problem to make xmit compatible with bridged packets or is it just that no one had the need yet to implement the changes? Is there any way around this limitation that would allow us to achive the same goal? -----Original Message----- From: Luigi Rizzo [mailto:rizzo@icir.org] Sent: Wednesday, May 29, 2002 8:42 AM To: Albuquerque, Marcelo M Cc: 'freebsd-net@freeBSD.ORG' Subject: Re: Does "xmit" work with ipfw dummynet? On Wed, May 29, 2002 at 08:40:36AM -0700, Albuquerque, Marcelo M wrote: > dummynet is not behaving as expected, and I'm wondering whether the command > is compatible with bridging mode (freebsd 4.5): xmit cannot match on bridged packets luigi > > Here is the setup: > > ___________________ > | | > 192.168.1.1 --- |FreeBSD 4.5 Bridge | --- 192.168.1.2 > |___________________| > | > | > 192.168.1.3 > > > This works: > ipfw add 100 deny ip from any to any in recv fxp0 > > This doesn't: > ipfw add 100 deny ip from any to any out xmit fxp1 > > What I really want, but fear is not supported, is: > ipfw add 100 deny ip from any to any out recv fxp0 xmit fxp1 > > That is, I want to block traffic coming in from fxp0 and going out > fxp1, in bridged mode. > > Anyone know if this is possible? > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message