Date:      Fri, 10 Dec 2004 08:31:16 -0300
From:      "Renato Barreto" <renato_barreto@banrisul.com.br>
To:        <freebsd-ipfw@freebsd.org>
Subject:   Firewall bridge mode with ipfw
Message-ID:  <794C454376DCD6118B3200104B86ECFF0C3F3C7C@n073.banrisul>

Hi,

In a bridge mode firewall (4.10-RELEASE) with IPFW2, how can I implement a more restrictive rule to pass MAC packets?
If MAC is blocked, the bridge doesn't work.

/var/log/security:
Dec 10 08:21:47 FB06 /kernel: ipfw: 65000 Accept MAC in via xl0
Dec 10 08:26:14 FB06 /kernel: ipfw: 65000 Accept MAC in via vr0

The rule 65000 is completely open:

#ipfw show
65000  6298  309886 allow log ip from any to any layer2 keep-state

#/etc/sysctl.conf
sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_ipfw=1
sysctl net.link.ether.bridge_cfg=xl0,vr0

TIA,

Renato


