Date: Thu, 12 Apr 2007 09:37:46 +0800
From: Eugene Grosbein <eugen@grosbein.pp.ru>
To: net@freebsd.org
Subject: Re: ipfw tags & filtering incoming broadcasts
Message-ID: <20070412013746.GA44307@svzserv.kemerovo.su>
In-Reply-To: <20070411144309.GA3456@grosbein.pp.ru>
References: <20070411144309.GA3456@grosbein.pp.ru>

On Wed, Apr 11, 2007 at 10:43:09PM +0800, Eugene Grosbein wrote:

> There is no problem to filter unicasts. But I want also block all
> broadcasts except of incoming RIPv2, some of hardware
> routers send broadcasts instead of multicasts here.
>
> I've tried this way:

I've just added a copy of rule 50 with number 35:

> ipfw add 30 allow tag 1 ip from any to any MAC ff:ff:ff:ff:ff:ff any

ipfw add 35 count log ip from any to any tagged 1

> ipfw add 40 allow ip from any to any layer2
> ipfw add 50 count log ip from any to any tagged 1

And I see that tag is kept during layer2 filtering stage
but seems to be lost somewhere in space in transition to layer3 stage.
So that is the question: is it a bug or feature?

Eugene