Date: Thu, 23 Jun 2005 17:34:45 +0300
From: Alin-Adrian Anton <aanton@spintech.ro>
To: Ben <ben@thegeekzone.com>
Cc: freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: ipfw2 filtering on bridge
Message-ID: <42BAC885.3030901@spintech.ro>
In-Reply-To: <42BA0DE9.4040809@thegeekzone.com>
References: <42B9E62C.7000204@spintech.ro> <42BA0DE9.4040809@thegeekzone.com>
Ben wrote:
> I'm sorry, I can't send this to the list because my messages to the list
> bounce because reverse DNS isn't set up.

No worries, thanks a lot for answering.

> This is funny, I just set this up for the first time yesterday except I
> set everything up to have no IP addresses so that the firewall would be
> invisible to anyone. I think I see what is wrong with your setup...
>
> You've got to change net.link.ether.bridge_ipfw=1 to
> net.link.ether.bridge.ipfw=1 in /etc/sysctl.conf. The handbook
> (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html)
> says that net.link.ether.bridge_ipfw=1 was updated in 5.2-RELEASE.

net.link.ether.bridge.enable=1
net.link.ether.bridge.config=fxp0,fxp1
net.link.ether.bridge_ipfw=1

# sysctl net.link.ether.bridge.ipfw=1
net.link.ether.bridge.ipfw: 1 -> 1
#
# ipfw add deny icmp from any to any
00100 deny icmp from any to any
#
# ipfw show
00100 0 0 deny icmp from any to any
65535 931748 651891769 allow ip from any to any
#
PING EXT_IP_BEHIND_BRIDGE: 56 data bytes
64 bytes from EXT_IP_BEHIND_BRIDGE: icmp_seq=0 ttl=233 time=74.399 ms
64 bytes from EXT_IP_BEHIND_BRIDGE: icmp_seq=1 ttl=233 time=106.194 ms

Seems not to be working :(

Yours,

-- 
Alin-Adrian Anton
GPG keyID 0x183087BA (B129 E8F4 7B34 15A9 0785 2F7C 5823 ABA0 1830 87BA)
gpg --keyserver pgp.mit.edu --recv-keys 0x183087BA

"It is dangerous to be right when the government is wrong." - Voltaire
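The `ipfw show` output in the message above is the telling part: rule 00100 sits at 0 packets while the ping goes through, so bridged frames are not reaching ipfw at all. The following is an added example, not code from the thread, that turns that check into a small diagnostic: it parses `ipfw show` counter lines (rule, packets, bytes, as shown above) and reports whether a given rule's packet counter moved between two snapshots. The snapshot text is constructed to mirror the thread, and the function names `rule_pkts` and `rule_hit` are this example's own.

```shell
#!/bin/sh
# Constructed `ipfw show` snapshots, modelled on the thread: rule 100 stays
# at 0 packets across the test ping while the default rule 65535 keeps
# counting, i.e. the bridge is not handing frames to ipfw.
IPFW_BEFORE='00100 0 0 deny icmp from any to any
65535 931748 651891769 allow ip from any to any'
IPFW_AFTER='00100 0 0 deny icmp from any to any
65535 931750 651891937 allow ip from any to any'

# rule_pkts RULE OUTPUT
# Print the packet counter of rule RULE from `ipfw show` text.
# Exits 1 if the rule number does not appear in OUTPUT.
rule_pkts() {
    printf '%s\n' "$2" | awk -v r="$1" '
        $1 + 0 == r + 0 { print $2; found = 1 }
        END { if (!found) exit 1 }'
}

# rule_hit RULE BEFORE AFTER
# Return 0 if the rule's packet counter increased between the two
# snapshots, 1 if it did not move, 2 if the rule is missing from either.
# On a working bridge+ipfw setup a deny rule that covers the test traffic
# must move (and the traffic must be blocked); a counter stuck at 0 means
# the filter is simply not in the bridged path.
rule_hit() {
    b=$(rule_pkts "$1" "$2") || return 2
    a=$(rule_pkts "$1" "$3") || return 2
    [ "$a" -gt "$b" ]
}

# Real use on the bridge host (assumption: run as root, ipfw in PATH):
#   before=$(ipfw show); ping -c 3 EXT_IP_BEHIND_BRIDGE; after=$(ipfw show)
#   rule_hit 100 "$before" "$after" \
#       || echo "rule 100 never matched: bridged traffic is not reaching ipfw"
```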