From owner-freebsd-ipfw@FreeBSD.ORG  Sun Mar 15 07:36:54 2009
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id AD3371065678
	for <freebsd-ipfw@freebsd.org>; Sun, 15 Mar 2009 07:36:54 +0000 (UTC)
	(envelope-from on@cs.ait.ac.th)
Received: from mail.cs.ait.ac.th (mail.cs.ait.ac.th [192.41.170.16])
	by mx1.freebsd.org (Postfix) with ESMTP id 2DBF78FC18
	for <freebsd-ipfw@freebsd.org>; Sun, 15 Mar 2009 07:36:53 +0000 (UTC)
	(envelope-from on@cs.ait.ac.th)
Received: from banyan.cs.ait.ac.th (banyan.cs.ait.ac.th [192.41.170.5])
	by mail.cs.ait.ac.th (8.13.1/8.13.1) with ESMTP id n2F7XKed089703
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Sun, 15 Mar 2009 14:33:20 +0700 (ICT)
	(envelope-from on@banyan.cs.ait.ac.th)
Received: (from on@localhost)
	by banyan.cs.ait.ac.th (8.14.2/8.12.11) id n2F7acad033835;
	Sun, 15 Mar 2009 14:36:38 +0700 (ICT)
Date: Sun, 15 Mar 2009 14:36:38 +0700 (ICT)
Message-Id: <200903150736.n2F7acad033835@banyan.cs.ait.ac.th>
From: Olivier Nicole <on@cs.ait.ac.th>
To: julian@elischer.org
In-reply-to: <49BCA1AC.7080905@elischer.org> (message from Julian Elischer on
	Sat, 14 Mar 2009 23:35:24 -0700)
References: <200903150605.n2F653Uw021328@banyan.cs.ait.ac.th>
	<49BCA1AC.7080905@elischer.org>
X-Virus-Scanned: on CSIM by amavisd-milter (http://www.amavis.org/)
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw amd bridge
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Mar 2009 07:36:55 -0000

Thanks,

> > I remember reqading in the past (4.x) that on a machine with bridged
> > interfaces, only layer 2 rules of ipfw would apply.
> 
> not quite.
> there are rules that do not work when called from a layer two
> point. e.g. divert does not work, nor does 'fwd' (without patches).

And what would be the patches (if any exists)?

> note if_bridge and bridge are different and may have
> behavioral differences in this regard.

I think it will be if_bridge (as bridge is obsolete).

Bests,

Olivier