This is a discussion on ipfilter won't filter bridged traffic on freebsd within the IPFilter forums, part of the System Security and Security Related category.

Hi All,

http://coombs.anu.edu.au/~avalon/ipfilfaq.html#freebsd1 suggests it is possible to use ipfilter to filter bridged traffic. However, this does not seem to be the case (unless 'recent' means more recent than 6.2-RELEASE-p10). For one thing, the sysctl oid net.link.ether.bridge does not exist; I think net.link.ether.bridge.enable is meant.

My situation is that I have a machine that is configured to use both ipfw and ipfilter, where currently only ipfw applies to bridged traffic (net.link.ether.bridge_ipfw=1 and net.link.ether.bridge_ipf=0). Maintaining both an ipfw and ipfilter firewall is a PITA though, so I wanted to consolidate everything into an ipfilter firewall, and drop ipfw.

I will go with ipfw now, because that does filter bridged traffic. Someone might want to modify the FAQ entry; it is simply incorrect.

Best,

Koen Martens

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, hosting, embedded systems, unix, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc