Date:      Fri, 15 Oct 2004 13:53:10 -0700 (PDT)
From:      Jon Simola <jon@abccom.bc.ca>
To:        Andrew Friedley <saai@uni.edu>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: ipfw with bridging
Message-ID:  <20041015134812.A57067-100000@tyberius.abccom.bc.ca>
In-Reply-To: <20041015185302.GA27894@thor>

On Fri, 15 Oct 2004, Andrew Friedley wrote:

> What I need to do is to be able to drop or accept packets based on the
> interface they came in on, the interface they are going out on, and their
> source MAC address.
>
> Matching on source MAC addresses is no problem, nor is matching on the
> interface a packet comes in on.  However, I am unable to write a rule that
> matches packets going out on a specific interface.  Is this possible?

Not on a bridge as packets take the bdg_forward path. "out via xl2 layer2"
can only match packets going through ether_output_frame.

Check the man page, there's a great ASCII drawing of how it works in the
PACKET FLOW section.

You may be able to get some similar functionality to what you desire using
bridge groups.

---
Jon Simola <jon@abccom.bc.ca> | "In the near future - corporate networks
    Systems Administrator     |  reach out to the stars, electrons and light
     ABC  Communications      |  flow throughout the universe." -- GITS


