Date: Fri, 10 Dec 2004 08:31:16 -0300
From: "Renato Barreto" <renato_barreto@banrisul.com.br>
To: <freebsd-ipfw@freebsd.org>
Subject: Firewall bridge mode with ipfw
Message-ID: <794C454376DCD6118B3200104B86ECFF0C3F3C7C@n073.banrisul>

Hi,

In a bridge mode firewall (4.10-RELEASE) with IPFW2, how can I implement a more restrictive rule to pass MAC packets? If MAC is blocked, the bridge doesn't work.

/var/log/security:
Dec 10 08:21:47 FB06 /kernel: ipfw: 65000 Accept MAC in via xl0
Dec 10 08:26:14 FB06 /kernel: ipfw: 65000 Accept MAC in via vr0

The rule 65000 is completely open:

#ipfw show
65000 6298 309886 allow log ip from any to any layer2 keep-state

#/etc/sysctl.conf
sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_ipfw=1
sysctl net.link.ether.bridge_cfg=xl0,vr0

TIA,
Renato