From owner-freebsd-net Tue Mar 27 19: 9:15 2001 Delivered-To: freebsd-net@freebsd.org Received: from filk.iinet.net.au (syncopation-dns.iinet.net.au [203.59.24.29]) by hub.freebsd.org (Postfix) with SMTP id 4C3AB37B76B for ; Tue, 27 Mar 2001 19:09:10 -0800 (PST) (envelope-from julian@elischer.org) Received: (qmail 30469 invoked by uid 666); 28 Mar 2001 03:10:57 -0000 Received: from i078-115.nv.iinet.net.au (HELO elischer.org) (203.59.78.115) by mail.m.iinet.net.au with SMTP; 28 Mar 2001 03:10:57 -0000 Message-ID: <3AC0CCC3.F7DD8133@elischer.org> Date: Tue, 27 Mar 2001 09:24:19 -0800 From: Julian Elischer X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 5.0-CURRENT i386) X-Accept-Language: en, hu MIME-Version: 1.0 To: Luigi Rizzo Cc: Archie Cobbs , Peter.Blok@inter.NL.net, freebsd-net@FreeBSD.ORG Subject: Re: netgraph ng_bridge and ipfilter References: <200103270656.IAA78972@info.iet.unipi.it> Content-Type: text/plain; charset=iso-8859-15 Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Luigi Rizzo wrote: > > > > > completely when a bridge is created with netgraph. I want to create a > > > > transparent firewall without NAT. I know OpenBSD has a bridge that works, > ... > > Netgraph should be completely orthogonal to the firewall stuff, > > i.e., they don't interact at all. > > in this case, this person seemed to _need_ the interaction in > order to have a bridging firewall that would be a brouter and not a bridge..Filering on IP at link layer.. yuck. It's really a crime against humanity but then that's never stopped such things before.. I have been considering what it would take to add the ability to insert an arbitrary filter module into a bridge.. not much. But anyone who wants to do that really should be taken out and shot I think. > > cheers > luigi > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message -- __--_|\ Julian Elischer / \ julian@elischer.org ( OZ ) World tour 2000-2001 ---> X_.---._/ v To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message