Date:      Wed, 29 Aug 2012 13:16:10 +0400
From:      Lev Serebryakov <lev@FreeBSD.org>
To:        freebsd-net@FreeBSD.org
Subject:   ipfw, "ip|all" proto and PPPoE -- does PPPoE packets passed to ipfw?
Message-ID:  <1865271844.20120829131610@serebryakov.spb.ru>

Hello, Freebsd-net.

  I have an interface (vr1), most of the traffic on which is PPPoE. I have
an ipfw firewall, which splits traffic by interface via:

add 2000 skipto  5000 all  from any to any via em0
add 2010 skipto  7000 all  from any to any via wlan0
add 2020 skipto 11000 all  from any to any via vr1
add 2030 skipto 13000 all  from any to any via ng0
add 2040 skipto 15000 ipv6 from any to any via gif0
add 2999 deny all from any to any
...
And later there are some basic checks, nat, "check-state" and some
stateful rules.

  Do PPPoE packets match rule 2020, and other rules like "nat 1 ip
from any to any"?

   ipfw(8) says that "all" is a synonym for "ip" but means "Matches any
 packet.". Does it really mean _any_ packet, and does all PPPoE traffic go
 through NAT (useless) and "check-state" (useless too)?


-- 
// Black Lion AKA Lev Serebryakov <lev@FreeBSD.org>



