From owner-freebsd-doc@FreeBSD.ORG Fri Apr 21 08:40:32 2006
Message-Id: <200604210837.k3L8bnXU042865@skunk.user.lan.at>
Date: Fri, 21 Apr 2006 10:37:49 +0200 (CEST)
From: Toni Schmidbauer
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: docs/96127: add hint to pass arp packets through filtering bridge to advanced-networking doc
Reply-To: freebsd@stderror.at

>Number: 96127
>Category: docs
>Synopsis: add hint to pass arp packets through filtering bridge to advanced-networking doc
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Apr 21 08:40:12 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Toni Schmidbauer
>Release: FreeBSD 6.0-STABLE i386
>Organization: stderror.at
>Environment:
System: FreeBSD skunk.user.lan.at 6.0-STABLE FreeBSD 6.0-STABLE #0: Thu Nov 10 20:29:49 CET 2005 root@skunk.user.lan.at:/usr/obj/usr/src/sys/alpha i386
>Description:
Currently it is stated in the advanced networking section in the handbook to add IPFIREWALL_DEFAULT_TO_ACCEPT to allow ARP through a filtering bridge. This is not false, but there's a better way to do it.
>How-To-Repeat:
>Fix:
diff -u handbook/advanced-networking/chapter.sgml.orig handbook/advanced-networking/chapter.sgml --- handbook/advanced-networking/chapter.sgml.orig Fri Apr 21 09:31:35 2006 +++ handbook/advanced-networking/chapter.sgml Fri Apr 21 09:41:11 2006 
@@ -1919,6 +1919,14 @@ changes the default rule for the firewall to accept any packet. Make sure you know how this changes the meaning of your ruleset before you set it. + + One other way to allow only arp packets through a filtering bridge, + is to add the following firewall rule: + + ipfw add allow mac-type arp layer2 + + so you do not have to set IPFIREWALL_DEFAULT_TO_ACCEPT. + >Release-Note: >Audit-Trail: >Unformatted:
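Review bot: the added paragraph gives the rule "ipfw add allow mac-type arp layer2" without saying what has to be in place for it to match. The layer2 option only matches frames that are handed to ipfw at the link layer, so the text should name the sysctl that enables that for the bridge (see ipfw(8)) and say that the rule has to come before any deny rule that would otherwise catch those frames. As written, a reader who drops IPFIREWALL_DEFAULT_TO_ACCEPT and adds only this one line can end up with a default-deny bridge that passes no ARP at all. On wording, the sentence is split around the command ("One other way ... is to add the following firewall rule:" before it, "so you do not have to set IPFIREWALL_DEFAULT_TO_ACCEPT." after it); finishing the sentence before the command, writing ARP in capitals and dropping the comma after "bridge" would read better. If the command and the option name are not already wrapped in the chapter's SGML markup, they should be.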