Date: Fri, 15 Oct 2004 13:53:02 -0500
From: Andrew Friedley
To: freebsd-ipfw@freebsd.org
Subject: ipfw with bridging
Message-id: <20041015185302.GA27894@thor>

I am looking into using ipfw and bridging on FreeBSD as an alternative to ebtables and bridging on Linux. What I need to do is to be able to drop or accept packets based on the interface they came in on, the interface they are going out on, and their source MAC address.

Matching on source MAC addresses is no problem, nor is matching on the interface a packet comes in on. However, I am unable to write a rule that matches packets going out on a specific interface. Is this possible? I want to do something like the following, but the rule does not match any packets:

    ipfw add 100 count all from any to any out via xl2 layer2

-- 
Andrew Friedley
Programmer, ITS Network Services
University of Northern Iowa