From owner-freebsd-questions  Tue Apr 20  0:18:44 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from pericles.IPAustralia.gov.au (pericles.IPAustralia.gov.au [202.14.186.30])
	by hub.freebsd.org (Postfix) with ESMTP id 2B5DF1530E
	for <freebsd-questions@freebsd.org>; Tue, 20 Apr 1999 00:18:38 -0700 (PDT)
	(envelope-from Stanley.Hopcroft@ipaustralia.gov.au)
Received: (from smap@localhost)
	by pericles.IPAustralia.gov.au (8.9.1/8.9.1) id RAA29380;
	Tue, 20 Apr 1999 17:15:39 +1000 (EST)
X-Authentication-Warning: pericles.IPAustralia.gov.au: smap set sender to <Stanley.Hopcroft@ipaustralia.gov.au> using -f
Received: from noteshub01.aipo.gov.au(10.0.100.21) by pericles.IPAustralia.gov.au via smap (V2.0)
	id xmac29350; Tue, 20 Apr 99 17:15:26 +1000
Received: by noteshub01.aipo.gov.au(Lotus SMTP MTA v4.6.3 (778.2 1-4-1999))  id 4A256759.002778AE ; Tue, 20 Apr 1999 17:11:07 +1000
X-Lotus-FromDomain: IP_AUSTRALIA
From: Stanley.Hopcroft@ipaustralia.gov.au
To: freebsd-questions@freebsd.org
Cc: Carl.Makin@ipaustralia.gov.au
Message-ID: <4A256759.00277723.00@noteshub01.aipo.gov.au>
Date: Tue, 20 Apr 1999 17:10:07 +1000
Subject: IPFW and bridging
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Dear Ladies and Gentlemen,

I am writing to ask your help with the new BRIDGE kernel option, to use ipfw to
discard packets that will cause *chaos* if they are forwarded (eg DHCP clients
on 2 LANs each with their own DHCP server connected by a transparent bridge ...
clients are offered addresses by both servers, which may not be what you want
...)

Please would you tell me

1 is it possible to bridge based on LLC SAP (eg 0xAA for 802.3 encapsulated IP
packets, 0x04 for SNA etc) ?

2 is it possible to bridge based on any other part of the packets contents. man
ipfw refers to /etc/protocols but my 2,2.8-STABLE router has no such file ?

3 How can I do these things ?

My kernel, 2.2.8-STABLE, has option BRIDGE set, the sysctl options for bridge
are visible, the box has two ed interfaces. The box certainly bridges - as the
DHCP catastophe informed me - but I need to restrain it.

Thank you,

Yours sincerely.




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message