Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 29 May 2002 11:41:18 -0700
From:      "'Luigi Rizzo'" <rizzo@icir.org>
To:        "Albuquerque, Marcelo M" <marcelo.m.albuquerque@boeing.com>
Cc:        "'freebsd-net@freeBSD.ORG'" <freebsd-net@FreeBSD.ORG>
Subject:   Re: Does "xmit" work with ipfw dummynet?
Message-ID:  <20020529114118.A22709@iguana.icir.org>
In-Reply-To: <F10E013C394AD411A2F10008C75DF4823D4388@xch-knt-01.nw.nos.boeing.com>; from marcelo.m.albuquerque@boeing.com on Wed, May 29, 2002 at 09:35:12AM -0700
References:  <F10E013C394AD411A2F10008C75DF4823D4388@xch-knt-01.nw.nos.boeing.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, May 29, 2002 at 09:35:12AM -0700, Albuquerque, Marcelo M wrote:
> Thanks Luigi.
> 
> > xmit cannot match on bridged packets
> 
> Is it a hard problem to make xmit compatible with bridged packets or is it

in the place the ipfw filter are in the bridging code, the info
on the output interface is still not available, this is why xmit
does not match.

> just that no one had the need yet to implement the changes? Is there any way
> around this limitation that would allow us to achive the same goal?

which is what ? you do not want to bridge between fxp0 and fxp1 ?

	luigi

> 
> xmit cannot match on bridged packets
> 
> 	luigi
> 
> > 
> > Here is the setup:
> > 
> >                  ___________________
> >                 |                   |
> > 192.168.1.1 --- |FreeBSD 4.5 Bridge | --- 192.168.1.2
> >                 |___________________|
> >                           |
> >                           |
> >                      192.168.1.3
> > 
> > 
> > This works:
> > ipfw add 100 deny ip from any to any in recv fxp0
> > 
> > This doesn't:
> > ipfw add 100 deny ip from any to any out xmit fxp1
> > 
> > What I really want, but fear is not supported, is:
> > ipfw add 100 deny ip from any to any out recv fxp0 xmit fxp1
> > 
> > That is, I want to block traffic coming in from fxp0 and going out
> > fxp1, in bridged mode.
> > 
> > Anyone know if this is possible?
> > 
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-net" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020529114118.A22709>