On Thu, Sep 28, 2000 at 12:38:40AM -0700, Julian Elischer wrote:

> I am not sure about Luigi's bridging code. I know the dummynet stuff
> seems to connect with the ipfw code but I don't think that the 
> bridge code does... (I may be wrong) So I don't know how you plan on
> filtering the bridged segments..

You are wrong, but we'll forgive you. :->

from bridge(4):

         net.link.ether.bridge_ipfw

     Set to 1 to enable ipfw filtering on bridged packets.  Note that ipfw
     rules only apply to IP packets.

from ipfw(8):

     Each incoming or outgoing packet is passed through the ipfw rules.  If
     host is acting as a gateway, packets forwarded by the gateway are pro-
     cessed by ipfw twice.  In case a host is acting as a bridge, packets for-
     warded by the bridge are processed by ipfw once.

the 'bridged' keyword can be used to match only bridged packets, so:

        ipfw add allow tcp from any to any 22 setup bridged
        ipfw add allow tcp from any 22 to any established bridged

would allow ssh over a bridge, but in the absence of other rules, wouldn't
allow it to the actual machine (or if the machine is also a router(?!) it
wouldn't route ssh sessions either.)

-- 
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
                [EMAIL PROTECTED] / [EMAIL PROTECTED]
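The behaviour Bill describes (the two `bridged` rules let ssh cross the bridge but, with no other rules, leave ssh to the bridge host itself falling through to the default deny) can be checked with a small model of ipfw's first-match rule walk. This is an added example, not code from the thread or from FreeBSD: it parses only the keywords used above (`setup`, `established`, `bridged`, ports, `any`), assumes the default rule is deny, and uses constructed packets with placeholder addresses.

```python
# Added example (not from the mailing list post): a small simulation of
# ipfw's first-match rule walk, covering only the keywords the reply uses.
# It models the documented behaviour, not the real kernel code.

FEATURES = {"setup", "established", "bridged"}


def parse_rule(text):
    """Parse a subset of ipfw syntax:
    <action> <proto> from <src> [sport] to <dst> [dport] [setup] [established] [bridged]
    """
    tok = text.split()
    action, proto = tok[0], tok[1]
    i = tok.index("from") + 1
    src, i = tok[i], i + 1
    sport = None
    if tok[i] != "to":
        sport, i = int(tok[i]), i + 1
    i += 1  # skip "to"
    dst, i = tok[i], i + 1
    dport = None
    if i < len(tok) and tok[i].isdigit():
        dport, i = int(tok[i]), i + 1
    flags = set(tok[i:])
    unknown = flags - FEATURES
    if unknown:
        raise ValueError("unsupported keyword(s): %s" % sorted(unknown))
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "flags": flags}


def addr_match(pattern, addr):
    return pattern == "any" or pattern == addr


def rule_matches(rule, pkt):
    if rule["proto"] != pkt["proto"]:
        return False
    if not addr_match(rule["src"], pkt["src"]) or not addr_match(rule["dst"], pkt["dst"]):
        return False
    if rule["sport"] is not None and rule["sport"] != pkt["sport"]:
        return False
    if rule["dport"] is not None and rule["dport"] != pkt["dport"]:
        return False
    f = rule["flags"]
    # "setup": TCP packets with SYN set and ACK clear (connection requests)
    if "setup" in f and not (pkt["syn"] and not pkt["ack"]):
        return False
    # "established": TCP packets with ACK or RST set
    if "established" in f and not (pkt["ack"] or pkt["rst"]):
        return False
    # "bridged": only packets the kernel is forwarding through the bridge,
    # not packets addressed to the bridge host itself
    if "bridged" in f and not pkt["bridged"]:
        return False
    return True


def verdict(rules, pkt):
    """First matching rule wins; assumes the default (last) rule is deny."""
    for r in rules:
        if rule_matches(r, pkt):
            return r["action"]
    return "deny"


def tcp(src, sport, dst, dport, syn=False, ack=False, rst=False, bridged=False):
    return {"proto": "tcp", "src": src, "sport": sport, "dst": dst, "dport": dport,
            "syn": syn, "ack": ack, "rst": rst, "bridged": bridged}


# The two rules from the reply, in the order ipfw would walk them.
RULES = [parse_rule("allow tcp from any to any 22 setup bridged"),
         parse_rule("allow tcp from any 22 to any established bridged")]

# Constructed sample packets (addresses are placeholders, not real hosts).
BRIDGED_SYN = tcp("10.0.0.5", 40000, "10.0.0.9", 22, syn=True, bridged=True)
BRIDGED_REPLY = tcp("10.0.0.9", 22, "10.0.0.5", 40000, syn=True, ack=True, bridged=True)
TO_THE_HOST = tcp("10.0.0.5", 40000, "10.0.0.1", 22, syn=True, bridged=False)
BRIDGED_HTTP = tcp("10.0.0.5", 40001, "10.0.0.9", 80, syn=True, bridged=True)

if __name__ == "__main__":
    cases = [("bridged ssh SYN", BRIDGED_SYN),
             ("bridged ssh reply", BRIDGED_REPLY),
             ("ssh SYN to the bridge host itself", TO_THE_HOST),
             ("bridged http SYN", BRIDGED_HTTP)]
    for name, p in cases:
        print("%-35s -> %s" % (name, verdict(RULES, p)))
```

Running it prints `allow` for the two bridged ssh packets and `deny` for the ssh packet destined to the bridge host and for bridged HTTP, which is the outcome the reply describes: `bridged` narrows a rule to forwarded traffic, so host-bound sessions need their own rules.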

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message