From: unixtools@hotmail.com
To: "Mircea Popescu"
Date: Mon, 18 Sep 2006 09:51:51 +0530
Subject: Re: TRansparent firewalll (pf vs ipfw)

Hi,

Ipfw Bridging works well for our large network. You need a good network interface though. If you are trying load balancing, pf is the best bet. For bridging, I suppose ipfw is better.

-Sunil Sunder Raj

----- Original Message -----
From: "Mircea Popescu"
Sent: Friday, September 08, 2006 8:26 PM
Subject: TRansparent firewalll (pf vs ipfw)

> Hi!
>
> I have a FreeBSD 6.0 box with a functioning bridge (bridge0 = fxp0 + rl0)
>
> My problem is that if I try to cut access to any port on bridge0
> interface using PF, nothing happens.
>
> For example I've tried to cut access to ssh service from a certain ip
> ... putty still managed to get through.
>
> The rule was:
> block on bridge0 proto { tcp udp } from yy.yy.yy.yy to xx.xx.xx.xx port pppppp
>
> BUT, with the following rule:
> block on rl0 proto { tcp udp } from yy.yy.yy.yy to xx.xx.xx.xx port pppppp
>
> Putty couldn't obtain a connection.
>
> Considering the fact that in Linux, which I gave up using, making a
> bridge would disable the interfaces within, I WOULD LIKE TO HAVE SOME
> QUESTIONS ANSWERED:
>
> 1. Once the bridge0 interface is created, could the fxp0 and rl0 interfaces
> still get their own IP addresses? (In Linux this would be
> impossible.)
>
> 2. Which firewall is more desirable to use with a bridge? (PF or IPFW)
>
>
> Thx a lot