Date:      Wed, 29 May 2002 12:49:35 -0700
From:      "Albuquerque, Marcelo M" <marcelo.m.albuquerque@boeing.com>
To:        "'Luigi Rizzo'" <rizzo@icir.org>
Cc:        "'freebsd-net@freeBSD.ORG'" <freebsd-net@FreeBSD.ORG>
Subject:   RE: Does "xmit" work with ipfw dummynet?
Message-ID:  <F10E013C394AD411A2F10008C75DF4823D4389@xch-knt-01.nw.nos.boeing.com>

> On Wed, May 29, 2002 at 09:35:12AM -0700, Albuquerque, Marcelo M wrote:
> > Thanks Luigi.
> > 
> > > xmit cannot match on bridged packets
> > 
> > Is it a hard problem to make xmit compatible with bridged packets or is it
> 
> in the place the ipfw filters are in the bridging code, the info
> on the output interface is still not available, this is why xmit
> does not match.

Is there a place downstream where we could insert a check and match the
output interface?

> 
> > just that no one had the need yet to implement the changes? Is there any way
> > around this limitation that would allow us to achieve the same goal?
> 
> which is what ? you do not want to bridge between fxp0 and fxp1 ?

We do want to bridge packets from fxp0 to fxp1 and at the same time have the
firewall filter match both incoming and outgoing interfaces.

> 
> 	luigi
> 
> > 
> > xmit cannot match on bridged packets
> > 
> > 	luigi
> > 
> > > 
> > > Here is the setup:
> > > 
> > >                  ___________________
> > >                 |                   |
> > > 192.168.1.1 --- |FreeBSD 4.5 Bridge | --- 192.168.1.2
> > >                 |___________________|
> > >                           |
> > >                           |
> > >                      192.168.1.3
> > > 
> > > 
> > > This works:
> > > ipfw add 100 deny ip from any to any in recv fxp0
> > > 
> > > This doesn't:
> > > ipfw add 100 deny ip from any to any out xmit fxp1
> > > 
> > > What I really want, but fear is not supported, is:
> > > ipfw add 100 deny ip from any to any out recv fxp0 xmit fxp1
> > > 
> > > That is, I want to block traffic coming in from fxp0 and going out
> > > fxp1, in bridged mode.
> > > 
> > > Anyone know if this is possible?
> > > 
> > > 
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-net" in the body of the message
> 

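The reason given in the thread for `xmit` not matching on bridged packets (the output interface is not yet known where the filter runs) can be pictured with a small model, added here as an illustration and not taken from the messages or from FreeBSD's ipfw source. The struct and function names are hypothetical, and the `in`/`out` keywords are left out so that only the `recv` and `xmit` options are modelled.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model (not FreeBSD source): what the filter knows about a packet. */
struct pkt { const char *rcvif, *oif; };  /* oif is NULL while not yet known */

/* Only the two interface options from the thread; NULL = option absent. */
struct rule { const char *text, *recv, *xmit; };

static const struct rule rules[] = {
    { "recv fxp0",           "fxp0", NULL   },
    { "xmit fxp1",           NULL,   "fxp1" },
    { "recv fxp0 xmit fxp1", "fxp0", "fxp1" },
};

/* An interface option can match only if the packet carries that information. */
static int if_match(const char *want, const char *have)
{
    if (want == NULL) return 1;   /* rule does not test this interface */
    if (have == NULL) return 0;   /* information not available: no match */
    return strcmp(want, have) == 0;
}

static int rule_matches(const struct rule *r, const struct pkt *p)
{
    return if_match(r->recv, p->rcvif) && if_match(r->xmit, p->oif);
}

/* Packet at the bridge filter hook: arrived on fxp0, output not yet known. */
int match_at_bridge_hook(int i)
{
    struct pkt p = { "fxp0", NULL };
    return rule_matches(&rules[i], &p);
}

/* Constructed contrast: the same packet if the output interface were known. */
int match_with_known_output(int i)
{
    struct pkt p = { "fxp0", "fxp1" };
    return rule_matches(&rules[i], &p);
}

int main(void)
{
    for (int i = 0; i < 3; i++)
        printf("%-20s bridge hook: %d  output known: %d\n", rules[i].text,
               match_at_bridge_hook(i), match_with_known_output(i));
    return 0;
}
```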