Date: Wed, 23 Oct 2002 01:19:26 -0400 (EDT)
From: Andriy Gapon <agapon@excite.com>
To: freebsd-ipfw@freebsd.org
Subject: ipfw: ether_output_frame -> bdg_forward
Message-ID: <20021023005503.V44234-100000@edge.foundation.invalid>

After using my firewall with layer2-specific rules and both net.link.ether.ipfw=1 and net.link.ether.bridge_ipfw=1, and after looking into the code in bridge.c /bdg_forward()/ and if_ethersubr.c /ether_output_frame()/, I am under the impression that a packet passed to ether_output_frame() on a bridged interface will not undergo firewall checking in either ether_output_frame() (looks like a packet is handed off to bdg_forward() before any ipfw-related code) or bdg_forward() (there is a comment saying "Only if firewall is loaded, enabled, and the packet is not from ether_output() (src==NULL, or we would filter it twice)", which doesn't seem to be correct).

Have I missed something?

--
Andriy Gapon
*
"Never try to outstubborn a cat." Lazarus Long, "Time Enough for Love"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message