ipfilter/ipfw + bridge + out checking
From: Aristeu Gil Alves Jr (suporte_at_wahtec.com.br)
Date: 04/27/04
To: "Freebsd-Stable" <freebsd-stable@freebsd.org>
Date: Mon, 26 Apr 2004 20:43:39 -0300
Hi all.
I didn't find any thread discussing it, sorry if I am re-posting the same
subject.
Is there a way to check the ipfilter/ipfw out-flow with bridge? Is it
implemented already?
The case illustrated in most howtos is shown with only two NICs:
   NET-1
    ||
___________
|bridge-fw|
-----------
    ||
   NET-2
It's important for us to use a bridge-fw with three NICs.
   NET-1
    ||
___________
|bridge-fw|== NET-3
-----------
    ||
   NET-2
Without the out packet controlling, a solution with three or more NICs could
lead to an information leak problem. I've heard this checking is not done
due to a performance issue (it's written in ipf-howto), but performance is not
the main goal in this particular situation. I would like to have the
stateful firewall and the bridge _fully_ working together.
If there's anything I can do to contribute, I'll be happy to help.
[]'s
--aristeu
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"