From owner-freebsd-stable@FreeBSD.ORG  Sat Jan 31 06:47:51 2004
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 25F2916A4CE
	for <freebsd-stable@freebsd.org>;
	Sat, 31 Jan 2004 06:47:51 -0800 (PST)
Received: from mercury.is.co.za (mercury.is.co.za [196.4.160.222])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 987EA43D39
	for <freebsd-stable@freebsd.org>;
	Sat, 31 Jan 2004 06:47:47 -0800 (PST)
	(envelope-from freebsd-questions@premsoft.co.za)
Received: from premsoft.co.za (c17-rba-47.dial-up.net [196.39.8.174])
	by mercury.is.co.za (Postfix) with ESMTP
	id 1051FBBC2C; Sat, 31 Jan 2004 16:47:44 +0200 (SAST)
Message-ID: <401BC037.20009@premsoft.co.za>
Date: Sat, 31 Jan 2004 16:48:23 +0200
From: "freebsd-question@premsoft.co.za" <freebsd-questions@premsoft.co.za>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
	rv:1.6b) Gecko/20031205 Thunderbird/0.4
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: David Malone <dwmalone@maths.tcd.ie>
References: <20040130083808.GA60129@cartman.south-park>
	<20040130134306.GA17621@walton.maths.tcd.ie>
In-Reply-To: <20040130134306.GA17621@walton.maths.tcd.ie>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-stable@freebsd.org
Subject: Re: IPF, IPv6 and a bridge
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Jan 2004 14:47:51 -0000

David Malone wrote:

>On Fri, Jan 30, 2004 at 09:38:08AM +0100, Jeroen Ubbink wrote:
>  
>
>>ipfw doesn't seem to block router advertisements on a
>>bridge either. Is this just a problem with both those firewall tools or is
>>it a problem in FreeBSD?
>>    
>>
>
>Bridged packets are special and are not usually firewalled. I could be
>mistaken, but I don't think you can get ipf to filter bridged packets
>in 4.9. You could use ipfw2 to do it though:
>
>	sysctl net.link.ether.bridge_ipfw=1
>	ipfw add deny layer2 mac-type ipv6 recv tun1
>
>(You'll need to turn on ipfw2 to do this - see the ipfw man page for
>details).
>
>	David.
>_______________________________________________
>freebsd-stable@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
>
>  
>
Actually, I think it is possible
I have not tested this, but there is also a sysctl knob for ipf:
net.link.ether.bridge_ipf: 0

Regards
Jaco