From owner-freebsd-ipfw@FreeBSD.ORG  Thu Dec  9 23:25:26 2004
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B28F016A4CE
	for <ipfw@freebsd.org>; Thu,  9 Dec 2004 23:25:26 +0000 (GMT)
Received: from smtpx.spintech.ro (smtpx.spintech.ro [81.181.24.231])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 663A343D1D
	for <ipfw@freebsd.org>; Thu,  9 Dec 2004 23:25:26 +0000 (GMT)
	(envelope-from aanton@spintech.ro)
Received: from smtpx.spintech.ro (jail-clamsmtp [15.0.0.1])
	by smtpx.spintech.ro (Postfix) with ESMTP id 7C3EF3A514
	for <ipfw@freebsd.org>; Thu,  9 Dec 2004 22:10:54 +0000 (UTC)
Received: from [81.181.24.230] (beastie.spintech.ro [81.181.24.230])
	by smtpx.spintech.ro (Postfix) with ESMTP id 4CF703A4F2
	for <ipfw@freebsd.org>; Thu,  9 Dec 2004 22:10:54 +0000 (UTC)
Message-ID: <41B8DEEA.8080802@spintech.ro>
Date: Fri, 10 Dec 2004 01:25:30 +0200
From: Alin-Adrian Anton <aanton@spintech.ro>
User-Agent: Mozilla Thunderbird 0.8 (X11/20041016)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ipfw@freebsd.org
X-Enigmail-Version: 0.86.1.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-AV-Checked: ClamAV using ClamSMTP
Subject: 5.3 ipfw states in bridged mode
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Dec 2004 23:25:26 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi guys,

	I noticed ipfilter and pf are not capable yet of correctly handling
traffic states when run in bridged enviroments.

	I tried ipfw to see if it works, but either I did a mistake, either it
doesn't work either.

	I can block any traffic with IPFW on my bridge (3 NIC cards bridged
together), as long as I evoid using keep-state / check-state keywords.

	The bridge and ipfw code is loaded as module.

	I just wanted to check. So, can anyone please tell me, is IPFW able to
correctly keep all states in bridged enviroments? (5.3-RELEASE)

	Thanks a lot!

Yours,
- --
Alin-Adrian Anton
Spintech Systems
GPG keyID 0x1E2FFF2E (2963 0C11 1AF1 96F6 0030 6EE9 D323 639D 1E2F FF2E)
gpg --keyserver pgp.mit.edu --recv-keys 1E2FFF2E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFBuN7q0yNjnR4v/y4RAgkLAKDAJCVt8t4N8UhCbGc8mZQzeoHKkACeLTvP
/Mf0yahuQBqpb6oqWX34w/k=
=p8+P
-----END PGP SIGNATURE-----