From owner-freebsd-net@FreeBSD.ORG Wed Jul 4 14:40:24 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 42EBD106566B for ; Wed, 4 Jul 2012 14:40:24 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward3h.mail.yandex.net (forward3h.mail.yandex.net [84.201.187.148]) by mx1.freebsd.org (Postfix) with ESMTP id DBA948FC0C for ; Wed, 4 Jul 2012 14:40:23 +0000 (UTC) Received: from smtp2h.mail.yandex.net (smtp2h.mail.yandex.net [84.201.187.145]) by forward3h.mail.yandex.net (Yandex) with ESMTP id D73A71361FE3; Wed, 4 Jul 2012 18:39:52 +0400 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1341412792; bh=rvDeF4G3cI+d52UTh7BfdlcRHwZe53JliOu3oH09BD8=; h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=R8xzmM9oEtZ7gH3C4uOLP4/jReSA8yF3DXht5ApNyY5Tll9jvcFt8UlQMaPJa6gvK axcaNjjDMzta7zhnUDSD74iLjpgSrb9MtoomJWxoUAqlnE4bulHRpkQE9ZPQk2+O60 NxhaJjFOTYaEOOfxIlE3mf9a2FVvV3uHMsrkptFE= Received: from smtp2h.mail.yandex.net (localhost [127.0.0.1]) by smtp2h.mail.yandex.net (Yandex) with ESMTP id 8974B1700250; Wed, 4 Jul 2012 18:39:52 +0400 (MSK) Received: from dynamic-178-141-5-132.kirov.comstar-r.ru (dynamic-178-141-5-132.kirov.comstar-r.ru [178.141.5.132]) by smtp2h.mail.yandex.net (nwsmtp/Yandex) with ESMTP id dpKKAj2R-dqKiXZox; Wed, 4 Jul 2012 18:39:52 +0400 X-Yandex-Rcpt-Suid: bagadeh@gmail.com X-Yandex-Rcpt-Suid: freebsd-net@freebsd.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1341412792; bh=rvDeF4G3cI+d52UTh7BfdlcRHwZe53JliOu3oH09BD8=; h=Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject: References:In-Reply-To:X-Enigmail-Version:Content-Type: Content-Transfer-Encoding; b=LG51mUB+kLJGPP8aIc6iFaQW/JSMXqxHHeUm27AT8VTCkj6mghuP8tj2Abnf1XZTv IvApgSGQYlFZJ192AAsGvyJr9BODqmTh/feGPnI8je5ywGcpPMX0/Qd5RJY9FEBhiH tXX5pN6VnnvXZK4Jz5oRg/nMG5p+OYvvCAxocj1I= Message-ID: <4FF455B6.9050005@yandex.ru> Date: Wed, 04 Jul 2012 18:39:50 +0400 From: "Andrey V. Elsukov" User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:10.0.3) Gecko/20120406 Thunderbird/10.0.3 MIME-Version: 1.0 To: h bagade References: In-Reply-To: X-Enigmail-Version: 1.4 Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re: problem on ipfw using mac addresses X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jul 2012 14:40:24 -0000 On 04.07.2012 17:04, h bagade wrote: > Hi all, > > I have a problem using ipfw firewall. I have a topology connected as below: > > A(192.168.1.55) ----- (192.168.1.1)my_sys(192.168.2.1) > -------(192.168.2.12)B > > I've set the rule "ipfw add 1 deny icmp from any to any" on my_sys, which > works correctly. I can't ping from A to B by the rule. Then I've added mac > part to the rule as the format of "ipfw add 1 deny icmp from any to any ma > any any" which seems the same as before but after that I could ping the B > from A. > What's the reason? I'm really confused with what I saw! Is it a bug? > > Any hints or suggestions are really appreciated. Please, read the ipfw(4) manual page about the sysctl variable net.link.ether.ipfw. -- WBR, Andrey V. Elsukov