From owner-freebsd-questions Fri Apr 6 7:36: 6 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from tiger.fhsu.edu (tiger.fhsu.edu [164.113.60.1])
	by hub.freebsd.org (Postfix) with ESMTP id F1D4E37B42C
	for ; Fri, 6 Apr 2001 07:36:01 -0700 (PDT)
	(envelope-from afleming@fhsu.edu)
Subject: Bridging, IPFW, and Dropping Non IP Packets
To: freebsd-questions@freebsd.org
X-Mailer: Lotus Notes Release 5.0.6a January 17, 2001
Message-ID:
From: afleming@fhsu.edu
Date: Fri, 6 Apr 2001 09:35:58 -0500
X-MIMETrack: Serialize by Router on NotesHub/FHSU(Release 5.0.6a |January 17, 2001) at 04/06/2001 09:36:02 AM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Can someone tell me how to modify the bridge.c file, so that when IPFW is
turned on (net.link.ether.bridge_ipfw=1), all packets which are not IP
(except of course ARP) are just dropped? I don't need to log them, I just
need to drop them.

I have a location where I need to use a filtering bridge as a firewall. I
can't subnet the network, and I need some of the machines on that IP
network outside of the firewall and some machines inside. The other
requirement is that I don't want to pass anything through the
firewall/bridge but IP packets (and of course ARP packets).

When I first built a FreeBSD bridge (using 4.0) for this project and tested
it, it worked great because when IPFW was enabled nothing was passed but IP
packets. Since we still had not installed the machine yet, I rebuilt it
with FreeBSD 4.2. I then found out about the changes to the bridge code. I
agree that for most uses the changes would be desirable, but for the way I
want to use the machine, passing non-IP packets is not desirable.

I have tried to modify the bridge.c code and recompile the kernel. The new
kernel works if I just have the bridging part turned on, but as soon as I
turn the IPFW part of the bridge code on with the sysctl command, the kernel
panics.

Thanks for any help that anyone can provide.

Andrew

Andrew Fleming
Fort Hays State University
Computing Center
Phone: (785) 628-4433
E-mail: afleming@fhsu.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
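
The policy the message asks for (forward IP and ARP, discard every other frame) comes down to a check on the Ethernet type field. The following is an added user-space illustration, not code from the original post or from FreeBSD's bridge.c; classify_frame, the verdict enum and the sample headers are hypothetical names constructed for this example. It assumes untagged Ethernet II framing, so 802.3/LLC frames (including IP carried over SNAP) and VLAN-tagged frames fall into the drop case.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETHER_HDR_LEN   14      /* dst MAC (6) + src MAC (6) + type/length (2) */
#define ETHERTYPE_IP    0x0800
#define ETHERTYPE_ARP   0x0806
#define ETHER_TYPE_MIN  0x0600  /* smaller values are 802.3 lengths, not types */

enum verdict { FRAME_DROP = 0, FRAME_PASS = 1 };

/* Hypothetical helper: default-deny decision for one bridged frame. */
enum verdict
classify_frame(const uint8_t *frame, size_t len)
{
    uint16_t type;

    if (frame == NULL || len < ETHER_HDR_LEN)
        return FRAME_DROP;      /* runt: no complete header to inspect */

    /* The type/length field is big-endian at offset 12. */
    type = (uint16_t)((frame[12] << 8) | frame[13]);

    if (type < ETHER_TYPE_MIN)
        return FRAME_DROP;      /* 802.3 + LLC framing, e.g. spanning tree */

    switch (type) {
    case ETHERTYPE_IP:
    case ETHERTYPE_ARP:
        return FRAME_PASS;      /* the only two protocols on the allow-list */
    default:
        return FRAME_DROP;      /* IPX, AppleTalk, IPv6, 802.1Q tags, ... */
    }
}

/* Constructed sample headers: broadcast dst, made-up src, then type/length. */
#define HDR(hi, lo) { 0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01, hi, lo }
static const uint8_t sample_ip[]  = HDR(0x08, 0x00);  /* IPv4 */
static const uint8_t sample_arp[] = HDR(0x08, 0x06);  /* ARP */
static const uint8_t sample_ipx[] = HDR(0x81, 0x37);  /* IPX on Ethernet II */
static const uint8_t sample_llc[] = HDR(0x00, 0x26);  /* 802.3 length = 38 */

int
main(void)
{
    printf("ip=%d arp=%d ipx=%d llc=%d\n",
        classify_frame(sample_ip, sizeof(sample_ip)),
        classify_frame(sample_arp, sizeof(sample_arp)),
        classify_frame(sample_ipx, sizeof(sample_ipx)),
        classify_frame(sample_llc, sizeof(sample_llc)));
    return 0;
}
```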