Date: Sun, 25 Nov 2001 10:21:14 +0100
From: Joost Bekkers
To: Chuck Root
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW/VLAN
Message-ID: <20011125102114.A2493@bps.jodocus.org>

On Fri, Nov 23, 2001 at 10:38:36PM -1000, Chuck Root wrote:
> I am trying to use a FreeBSD box with 2 fxp NICs in it as a firewall
> between 2 points on an 802.1q tagged vlan trunk.
>
> I am bridging the interfaces using the BRIDGING option in the kernel and
> I am using ipfw to filter packets.
>
> The bridge and ipfw work fine with normal packets but the ones with
> 802.1q tags slip right on by.
>
> Is there any way to do this?
>
> I have tried bridging the vlans themselves with no luck.
>

The reason why 802.1q packets don't get filtered is this:
The bridge code only sends IP packets through the firewall; all others
(802.1q; ipx; arp; ipv6; ...) will be passed no matter what.

The reason why you can't bridge the vlan interfaces is because
bridging only works on Ethernet interfaces.

At this point there is nothing you can do about it
(aside from changing the kernel code).

-- 
greetz Joost
joost@jodocus.org
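
The behaviour described in the reply, as an added illustration that is not part of the original message and is not FreeBSD's bridge code: a classifier that looks only at the outer EtherType treats an 802.1Q-tagged frame as non-IP, while one that steps over the tag sees the encapsulated IP packet. The function names and sample frames are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETHERTYPE_IP   0x0800
#define ETHERTYPE_VLAN 0x8100  /* 802.1Q tag protocol identifier */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Outer-EtherType test: "only IP packets go through the firewall".
 * A tagged frame carries 0x8100 at offset 12, so it is classed as
 * non-IP and is never handed to the filter. */
int outer_type_is_ip(const uint8_t *f, size_t len)
{
    return len >= 14 && be16(f + 12) == ETHERTYPE_IP;
}

/* VLAN-aware test: step over one 802.1Q tag (4 bytes) and classify on
 * the encapsulated EtherType. Returns 1 for IPv4; *vid receives the
 * VLAN ID, or -1 when the frame is untagged. */
int inner_type_is_ip(const uint8_t *f, size_t len, int *vid)
{
    size_t off = 12;
    *vid = -1;
    if (len < 14) return 0;
    if (be16(f + off) == ETHERTYPE_VLAN) {
        if (len < 18) return 0;             /* truncated tag */
        *vid = be16(f + off + 2) & 0x0FFF;  /* low 12 bits of the TCI */
        off += 4;
    }
    return be16(f + off) == ETHERTYPE_IP;
}

/* Constructed sample headers (MAC addresses are made up). */
const uint8_t untagged_ip[] = { 2,0,0,0,0,1, 2,0,0,0,0,2, 0x08,0x00 };
const uint8_t tagged_ip[]   = { 2,0,0,0,0,1, 2,0,0,0,0,2, 0x81,0x00, 0x00,0x64, 0x08,0x00 };
const uint8_t arp[]         = { 2,0,0,0,0,1, 2,0,0,0,0,2, 0x08,0x06 };

int main(void)
{
    int vid;
    int inner = inner_type_is_ip(tagged_ip, sizeof tagged_ip, &vid);
    printf("untagged: outer=%d\n", outer_type_is_ip(untagged_ip, sizeof untagged_ip));
    printf("tagged:   outer=%d inner=%d vid=%d\n",
           outer_type_is_ip(tagged_ip, sizeof tagged_ip), inner, vid);
    return 0;
}
```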