Date: Mon, 28 Nov 2005 21:22:15 +0100
From: "Michiel Kranenburg" <michiel@nl-hrln-ptgrf.net>
To: <freebsd-pf@freebsd.org>
Subject: OpenBSD's PF with a bridge on FreeBSD 6.x
Message-ID: <20051128190721.337CA193636@mail.nl-hrln-ptgrf.net>
Hi all,

I’m currently running FreeBSD 6.0-RELEASE. I have 2 ethernet-cards running in promisc mode that should bridge my ISP modem with my switch.

xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=9<RXCSUM,VLAN_MTU>
        inet6 fe80::201:2ff:fe09:84f3%xl0 prefixlen 64 scopeid 0x1
        inet 145.99.138.82 netmask 0xfffffff0 broadcast 145.99.138.95
        inet 145.99.138.83 netmask 0xfffffff0 broadcast 145.99.138.95
        ether 00:01:02:09:84:f3
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
xl2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=9<RXCSUM,VLAN_MTU>
        inet6 fe80::250:4ff:fe55:2852%xl2 prefixlen 64 scopeid 0x3
        ether 00:50:04:55:28:52
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

Currently this is my situation:

( Internet (/28) ) <-> ( xl0 ) <bridge> ( xl2 ) <-> ( switches ) <-> ( clients )

The problem is that I want PF (OpenBSD’s Packet Filter) to firewall my server and the bridge (for the clients). The packet filter works great for the server; it handles packets that are defined in the ruleset perfectly.

The real problem lies in filtering the bridge: PF passes all traffic to the bridge _even_ when some kind of traffic is blocked on xl0. (So it shouldn’t be on the network anyway.)

Can someone help me to get filtering on the bridge to work?

Please CC me as I'm not subscribed to this list!

With kind regards,
Michiel Kranenburg
