Date:      Sat, 21 Jun 2003 15:53:32 +0200
From:      "Oivind H. Danielsen" <oivind.danielsen@kopek.net>
To:        <freebsd-ipfw@freebsd.org>
Subject:   RE: arp, skipto, deny rules
Message-ID:  <NMEPLAHDNAPMGKOIJMLLEEBMCAAA.oivind.danielsen@kopek.net>
In-Reply-To: <FE045D4D9F7AED4CBFF1B3B813C8533702741B03@mail.sandvine.com>

> I find in the below rules, that when rule 25 is present, that
> ARP packets are not passed through the bridge. When rule 25 is removed,
> arp packets pass ok.
> 
> once the arp is known, packets pass just fine.

AFAIK, rule 25 will block <anything>, including layer2 packets.
You can explicitly allow arp packets using the following rule:

  ${fwcmd} add 24 allow mac any any mac-type arp

or better yet, use the layer2 keyword to define sections
in your rule set for the various traffic categories as
described in the man page. This way you don't have to
have an implicit "deny-all" policy for layer2 traffic
which you get with your current ruleset.



Best Regards,

Oivind H. Danielsen
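
Added example, not part of the original message: a dry-run sketch of the sectioned rule set the reply points to, using the four-way `layer2`/`in`/`out` dispatch shown in ipfw(8). Rule numbers above 10 and the per-section policies (SSH on port 22, stateful outbound) are constructed for illustration; `fwcmd` defaults to `echo ipfw`, so the script only prints the commands.

```shell
#!/bin/sh
# Added example: sectioned ipfw rule set (constructed policy, not the poster's rules).
# Dry run by default; set fwcmd=/sbin/ipfw in the environment to load the rules.
fwcmd="${fwcmd:-echo ipfw}"

layer2_sections() {
    # Dispatch each packet to the section for the point where it entered ipfw.
    # These four skipto rules follow the pattern given in ipfw(8).
    ${fwcmd} add 10 skipto 1000 all from any to any layer2 in
    ${fwcmd} add 10 skipto 2000 all from any to any not layer2 in
    ${fwcmd} add 10 skipto 3000 all from any to any not layer2 out
    ${fwcmd} add 10 skipto 4000 all from any to any layer2 out

    # Section 1000: Ethernet frames arriving. ARP is allowed explicitly,
    # IPv4 frames are let through this pass, every other frame type is dropped.
    ${fwcmd} add 1000 allow all from any to any mac-type arp
    ${fwcmd} add 1010 allow all from any to any mac-type ipv4
    ${fwcmd} add 1999 deny all from any to any

    # Section 2000: IP packets arriving at layer 3. The deny-all here can
    # no longer catch ARP, because ARP never reaches this section.
    ${fwcmd} add 2000 check-state
    ${fwcmd} add 2010 allow tcp from any to me 22 setup keep-state
    ${fwcmd} add 2999 deny all from any to any

    # Section 3000: IP packets leaving at layer 3 (stateful outbound).
    ${fwcmd} add 3000 allow all from me to any keep-state
    ${fwcmd} add 3999 deny all from any to any

    # Section 4000: Ethernet frames leaving; same frame-type policy as 1000.
    ${fwcmd} add 4000 allow all from any to any mac-type arp
    ${fwcmd} add 4010 allow all from any to any mac-type ipv4
    ${fwcmd} add 4999 deny all from any to any
}

layer2_sections
```

Each section ends in its own explicit deny, so the layer 3 default-deny and the layer 2 frame policy stay independent of each other.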