Date: Fri, 12 Aug 2005 00:08:19 -0400 (EDT) From: "Dan Mahoney, System Admin" <danm@prime.gushi.org> To: questions@freebsd.org Subject: 5.4 -- bridging, ipfw, dot1q Message-ID: <20050812000355.H30784@prime.gushi.org>
Okay, here's the situation. PLEASE let me know if there's a better place to ask (isp@, kernel@, something).

I'm setting up a bridging firewall where the packets are passing through on dot1q trunks. The bridge works. Packet counts work (so I assume the bridge at least sees the packets). Problem is, any "reasonable" rules (such as those which actually say to block traffic by IP or port or anything) aren't working at all. Not even logging counts. Setting the "bridged" flag doesn't seem to help.

My only guess is that ipfw doesn't have the brains to look beyond the VLAN tags. Is this the case? Is this supported under 4.x, or is there any way AT ALL that I can get this to work?

As a note, snort and trafshow and everything else work fine analyzing the bridge traffic; it seems only the kernel has an issue.

--

"Of course she's gonna be upset! You're dealing with a woman here Dan, what the hell's wrong with you?"

-S. Kennedy, 11/11/01

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------