Date: Sun, 4 Nov 2018 06:35:48 +0000 (UTC) From: Eugene Grosbein <eugen@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r340110 - head/sbin/ipfw Message-ID: <201811040635.wA46ZmWO098608@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: eugen Date: Sun Nov 4 06:35:48 2018 New Revision: 340110 URL: https://svnweb.freebsd.org/changeset/base/340110 Log: ipfw(8): clarify layer2 processing abilities Make it clear that ipfw action set for layer2 frames it a bit limited. PR: 59835 Reviewed by: yuripv MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D17719 Modified: head/sbin/ipfw/ipfw.8 Modified: head/sbin/ipfw/ipfw.8 ============================================================================== --- head/sbin/ipfw/ipfw.8 Sun Nov 4 06:25:07 2018 (r340109) +++ head/sbin/ipfw/ipfw.8 Sun Nov 4 06:35:48 2018 (r340110) @@ -511,6 +511,27 @@ ipfw add 10 skipto 4000 all from any to any layer2 out .Pp (yes, at the moment there is no way to differentiate between ether_demux and bdg_forward). +.Pp +Also note that only actions +.Cm allow, +.Cm deny, +.Cm netgraph, +.Cm ngtee +and related to +.Cm dummynet +are processed for +.Cm layer2 +frames and all other actions act as if they were +.Cm allow +for such frames. +Full set of actions is supported for IP packets without +.Cm layer2 +headers only. +For example, +.Cm divert +action does not divert +.Cm layer2 +frames. .Sh SYNTAX In general, each keyword or argument must be provided as a separate command line argument, with no leading or trailing
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201811040635.wA46ZmWO098608>