From owner-freebsd-security  Thu Jul 25  5: 2:10 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3BF0137B400; Thu, 25 Jul 2002 05:02:07 -0700 (PDT)
Received: from cage.simianscience.com (cage.simianscience.com [64.7.134.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 58E9043E31; Thu, 25 Jul 2002 05:02:06 -0700 (PDT)
	(envelope-from mike@sentex.net)
Received: from house.sentex.net (fcage [192.168.0.2])
	by cage.simianscience.com (8.12.5/8.12.3) with ESMTP id g6PC1wrw044522;
	Thu, 25 Jul 2002 08:01:59 -0400 (EDT)
	(envelope-from mike@sentex.net)
Message-Id: <5.1.0.14.0.20020725075401.07beb2b8@192.168.0.12>
X-Sender: mdtancsa@192.168.0.12
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Thu, 25 Jul 2002 08:00:01 -0400
To: FreeBSD MAIL <freebsd@mauibuilt.com>
From: Mike Tancsa <mike@sentex.net>
Subject: Re: Vlan filtering.
Cc: freebsd-networking@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
In-Reply-To: <200207250458.g6P4w2Yd048482@mauibuilt.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Virus-Scanned: amavis-20020220
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


Why not just filter by interface that you have associated with the vlan ? 
e.g. you want to block all packets from vlan 123 and your next free vlan 
interface is vlan12

ifconfig vlan12 vlan 123 vlandev fxp0

ipfw add 12 deny log all from any to any via vlan12

This would effectively block all VLAN packets that are part of the 802.1q 
vlan 123.

         ---Mike



At 06:58 PM 7/24/2002 -1000, FreeBSD MAIL wrote:
>I was wondering what it would take to get IPFW and BRIDGING to be able
>to filter 802.1q tagged vlan pakets?
>
>I know you can bridge Vlan interfcaces but ipfw dosnt seem to pick up tagged
>packets.
>
>Is there anyone working on this or has gotten this working?
>
>Thanks in advance.
>
>Richard Puga
>puga@mauibuilt.com
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message

--------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Sentex Communications,     			  mike@sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada			  www.sentex.net/mike


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message