Date: Tue, 29 May 2007 10:23:04 +0200 From: Jon Otterholm <jon.otterholm@ide.resurscentrum.se> To: freebsd-ipfw@freebsd.org Subject: Limit Ethernet Broadcast Message-ID: <465BE2E8.50908@ide.resurscentrum.se>
next in thread | raw e-mail | index | archive | help
Hi.
I am trying to limit traffic to the Ethernet broadcast address
(ff:ff:ff:ff:ff:ff). I am running IPFW on a if_bridge(4) and don't want
clients from member if's to be able to send ethernet broadcasts to each
other. The router itself though should be able to send traffic to the
Ethernet Broadcast address and clients should be able to send traffic to
the router destined for Ethernet Broadcast address. Accordingly to man
pages I cannot use the "me" statement as this only applies to
IP-addresses configured on the local system, my if's don't have
IP-addresses configured. Only the bridge itself has an IP-address.
Config:
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet X.X.X.X netmask 0xffffff80 broadcast X.X.X.X
ether 00:00:00:00:00:00
priority 32768 hellotime 2 fwddelay 15 maxage 20
member: em0.10 flags=1<LEARNING>
member: em0.20 flags=1<LEARNING>
Summary (no valid IPFW-config, just to illustrate):
allow from router to ff:ff:ff:ff:ff:ff
allow from em0.* to router MAC ff:ff:ff:ff:ff:ff any
deny from em0.* to em0.* MAC ff:ff:ff:ff:ff:ff any
Is this doable?
//Jon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?465BE2E8.50908>