From: Chris Dionissopoulos
Date: Mon, 13 Nov 2006 19:16:50 +0200
To: Gleb Kurtsou
Cc: net@freebsd.org
Subject: Re: macfw -- layer2 firewall
Message-ID: <1039986302.20061113191650@freemail.gr>
In-Reply-To: <20061113114731.GA1620@h1.d>

Hello Gleb,

Monday, November 13, 2006, 1:47:31 PM, you wrote:

> On (11/11/2006 12:21), Andrew Thompson wrote:
>> On Fri, Nov 10, 2006 at 10:03:28PM +0200, Gleb Kurtsou wrote:
>> > On (10/11/2006 09:38), Andrew Thompson wrote:
>> > > On Thu, Nov 09, 2006 at 10:00:37PM +0200, Gleb Kurtsou wrote:
>> > > > On (09/11/2006 06:32), Andrew Thompson wrote:
>> > > > > thompsa 2006-11-09 06:32:39 UTC
>> > > > >
>> > > > > FreeBSD src repository
>> > > > >
>> > > > > Modified files:
>> > > > > sbin/ifconfig ifbridge.c ifconfig.8
>> > > > > sys/net if_bridge.c if_bridgevar.h
>> > > > > Log:
>> > > > > Add a new address cache type called sticky. On an interface marked sticky any
>> > > > > address learned by the bridge is made permanent, the address will not age out
>> > > > > and most importantly will not migrate to another interface.
>> > > > >
>> > > > > This can be used to stop mac address poisoning or clients roaming in much the
>> > > > > same way as static entries without the hassle of preloading the table.
>> > > >
>> > > > I have some sort of MAC firewall. It's tested and seems to work reliably
>> > > > but it's mostly a hack. It adds mtag with source MAC to mbufs and filters
>> > > > according to them. If you are interested in reviewing and possibly
>> > > > committing it, I'll be glad to send you sources.
>> > >
>> > > Sure, send me the sources and I will have a look.
>> >
>> > Didn't test it on -CURRENT.
>> >
>>
>> It looks like a good piece of work. You should post it to the net@
>> mailing list for comments, there has been some discussion lately about
>> layer2 firewalls. I will try it out as time permits.
>>
>>
>> cheers,
>> Andrew
>>
> In case somebody is interested..

I'm really interested to test your patch.

--
Best regards,
Chris mailto:dionch@freemail.gr