Date: Fri, 6 Apr 2001 09:35:58 -0500
From: afleming@fhsu.edu
To: freebsd-questions@freebsd.org
Subject: Bridging, IPFW, and Dropping Non IP Packets
Message-ID: <OFDA3FE5EC.7F6C58A4-ON86256A26.004CBD80@fhsu.edu>
Can someone tell me how to modify the bridge.c file, so that when IPFW is turned on (net.link.ether.bridge_ipfw=1), all packets which are not IP (except of course ARP) are just dropped? I don't need to log them, I just need to drop them.

I have a location where I need to use a filtering bridge as a firewall. I can't subnet the network, and I need some of the machines on that IP network outside of the firewall and some machines inside. The other requirement is that I don't want to pass anything through the firewall/bridge but IP packets (and of course ARP packets).

When I first built a FreeBSD bridge (using 4.0) for this project and tested it, it worked great because when IPFW was enabled nothing was passed but IP packets. Since we still had not installed the machine yet, I rebuilt it with FreeBSD 4.2. I then found out about the changes to the bridge code. I agree that for most uses the changes would be desirable, but for the way I want to use the machine, passing non-IP packets is not desirable.

I have tried to modify the bridge.c code and recompile the kernel. The new kernel works if I just have the bridging part turned on, but as soon as I turn the IPFW part of the bridge code on with the sysctl command, the kernel panics.

Thanks for any help that anyone can provide.

Andrew

Andrew Fleming
Fort Hays State University
Computing Center
Phone: (785) 628-4433
E-mail: afleming@fhsu.edu
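The pass/drop policy requested in the message above, written as a stand-alone user-space C sketch. This is an added example, not part of the original e-mail and not code from FreeBSD's bridge.c; the names classify_frame and make_frame are hypothetical, and it assumes "IP" means IPv4, so IPv6 and VLAN-tagged frames fall under the default drop.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHER_HDR_LEN   14      /* dst MAC (6) + src MAC (6) + type (2) */
#define ETHERTYPE_IPV4  0x0800
#define ETHERTYPE_ARP   0x0806
#define ETHERTYPE_MIN   0x0600  /* smaller values are 802.3 length fields */

enum verdict { VERDICT_DROP = 0, VERDICT_PASS = 1 };

/* Default-deny: only a complete header carrying IPv4 or ARP passes. */
enum verdict classify_frame(const uint8_t *frame, size_t len)
{
    uint16_t type;

    if (frame == NULL || len < ETHER_HDR_LEN)
        return VERDICT_DROP;        /* truncated: no type field to trust */
    /* The type field is big-endian at bytes 12-13; assemble it bytewise. */
    type = (uint16_t)((frame[12] << 8) | frame[13]);
    if (type < ETHERTYPE_MIN)
        return VERDICT_DROP;        /* 802.3/LLC framing (raw IPX, NetBEUI, STP) */
    if (type == ETHERTYPE_IPV4 || type == ETHERTYPE_ARP)
        return VERDICT_PASS;
    return VERDICT_DROP;            /* IPX, AppleTalk, VLAN tag, IPv6, ... */
}

/* Build a constructed 60-byte test frame (made-up MACs, zero payload). */
size_t make_frame(uint8_t *buf, uint16_t type)
{
    memset(buf, 0, 60);
    memset(buf, 0xff, 6);           /* broadcast destination */
    buf[6] = 0x02;                  /* locally administered source MAC */
    buf[11] = 0x01;
    buf[12] = (uint8_t)(type >> 8);
    buf[13] = (uint8_t)(type & 0xff);
    return 60;
}

int main(void)
{
    /* Constructed samples: IPv4, ARP, IPX, AppleTalk, 802.3 length field. */
    static const uint16_t types[] = {0x0800, 0x0806, 0x8137, 0x809b, 0x0026};
    uint8_t buf[60];

    for (size_t i = 0; i < sizeof types / sizeof types[0]; i++) {
        size_t n = make_frame(buf, types[i]);
        printf("type 0x%04x -> %s\n", (unsigned)types[i],
               classify_frame(buf, n) == VERDICT_PASS ? "pass" : "drop");
    }
    return 0;
}
```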