From owner-freebsd-net Mon Mar 26 15:15:38 2001 Delivered-To: freebsd-net@freebsd.org Received: from InterJet.dellroad.org (adsl-63-194-81-26.dsl.snfc21.pacbell.net [63.194.81.26]) by hub.freebsd.org (Postfix) with ESMTP id DBD4937B718 for ; Mon, 26 Mar 2001 15:15:35 -0800 (PST) (envelope-from archie@dellroad.org) Received: from arch20m.dellroad.org (arch20m.dellroad.org [10.1.1.20]) by InterJet.dellroad.org (8.9.1a/8.9.1) with ESMTP id PAA30919; Mon, 26 Mar 2001 15:04:16 -0800 (PST) Received: (from archie@localhost) by arch20m.dellroad.org (8.11.1/8.11.1) id f2QN3cA40257; Mon, 26 Mar 2001 15:03:38 -0800 (PST) (envelope-from archie) From: Archie Cobbs Message-Id: <200103262303.f2QN3cA40257@arch20m.dellroad.org> Subject: Re: netgraph ng_bridge and ipfilter In-Reply-To: <200103261645.SAA71441@info.iet.unipi.it> "from Luigi Rizzo at Mar 26, 2001 06:45:33 pm" To: Luigi Rizzo Date: Mon, 26 Mar 2001 15:03:38 -0800 (PST) Cc: Peter.Blok@inter.NL.net, freebsd-net@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL82 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Luigi Rizzo writes: > > Another question. I saw a posting a while ago, ipfilter doesn't work > > completely when a bridge is created with netgraph. I want to create a > > transparent firewall without NAT. I know OpenBSD has a bridge that works, > > but OpenBSD doesn't have netgraph. > > > > Is this still the case with 4.3-RC > > the above description is a bit confused -- do you need netgraph > for some reason, or what ? > In any case, in 4.3, native bridging now works with ipfw > to build transparent firewalls (without nat). > Don't know if you can do the same with netgraph, i am > sure you will get some reply from the authors Netgraph should be completely orthogonal to the firewall stuff, i.e., they don't interact at all. -Archie __________________________________________________________________________ Archie Cobbs * Packet Design * http://www.packetdesign.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message