Re: IPF, IPv6 and a bridge
freebsd-question_at_premsoft.co.za
Date: 01/31/04
- Previous message: freebsd-question_at_premsoft.co.za: "Re: IPF, IPv6 and a bridge"
- In reply to: David Malone: "Re: IPF, IPv6 and a bridge"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sat, 31 Jan 2004 16:48:46 +0200 To: David Malone <dwmalone@maths.tcd.ie>
David Malone wrote:
>On Fri, Jan 30, 2004 at 09:38:08AM +0100, Jeroen Ubbink wrote:
>
>
>>ipfw doesn't seem to block router advertisements on a
>>bridge either. Is this just a problem with both those firewall tools or is
>>it a problem in FreeBSD?
>>
>>
>
>Bridged packets are special and are not usually firewalled. I could be
>mistaken, but I don't think you can get ipf to filter bridged packets
>in 4.9. You could use ipfw2 to do it though:
>
> sysctl net.link.ether.bridge_ipfw=1
> ipfw add deny layer2 mac-type ipv6 recv tun1
>
>(You'll need to turn on ipfw2 to do this - see the ipfw man page for
>details).
>
> David.
>_______________________________________________
>freebsd-stable@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
>
>
>
Actually, I think it is possible
I have not tested this, but there is also a sysctl knob for ipf:
net.link.ether.bridge_ipf: 1
Regards
Jaco
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
- Previous message: freebsd-question_at_premsoft.co.za: "Re: IPF, IPv6 and a bridge"
- In reply to: David Malone: "Re: IPF, IPv6 and a bridge"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
