Date: Wed, 29 May 2002 09:35:12 -0700 From: "Albuquerque, Marcelo M" <marcelo.m.albuquerque@boeing.com> To: "'Luigi Rizzo'" <rizzo@icir.org> Cc: "'freebsd-net@freeBSD.ORG'" <freebsd-net@FreeBSD.ORG> Subject: RE: Does "xmit" work with ipfw dummynet? Message-ID: <F10E013C394AD411A2F10008C75DF4823D4388@xch-knt-01.nw.nos.boeing.com>
next in thread | raw e-mail | index | archive | help
Thanks Luigi. > xmit cannot match on bridged packets Is it a hard problem to make xmit compatible with bridged packets or is it just that no one had the need yet to implement the changes? Is there any way around this limitation that would allow us to achive the same goal? -----Original Message----- From: Luigi Rizzo [mailto:rizzo@icir.org] Sent: Wednesday, May 29, 2002 8:42 AM To: Albuquerque, Marcelo M Cc: 'freebsd-net@freeBSD.ORG' Subject: Re: Does "xmit" work with ipfw dummynet? On Wed, May 29, 2002 at 08:40:36AM -0700, Albuquerque, Marcelo M wrote: > dummynet is not behaving as expected, and I'm wondering whether the command > is compatible with bridging mode (freebsd 4.5): xmit cannot match on bridged packets luigi > > Here is the setup: > > ___________________ > | | > 192.168.1.1 --- |FreeBSD 4.5 Bridge | --- 192.168.1.2 > |___________________| > | > | > 192.168.1.3 > > > This works: > ipfw add 100 deny ip from any to any in recv fxp0 > > This doesn't: > ipfw add 100 deny ip from any to any out xmit fxp1 > > What I really want, but fear is not supported, is: > ipfw add 100 deny ip from any to any out recv fxp0 xmit fxp1 > > That is, I want to block traffic coming in from fxp0 and going out > fxp1, in bridged mode. > > Anyone know if this is possible? > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F10E013C394AD411A2F10008C75DF4823D4388>