On Mon, Aug 28, 2000 at 11:31:06PM -0400, Bill Fumerola wrote:
> On Mon, Aug 28, 2000 at 07:02:03PM -0700, Jaye Mathisen wrote:
> >
> > Just exactly what I said in the Subject. I want to filter on the ethernet
> > MAC address.
>
> I guess the "ip" in "ipfw" just wasn't obvious enough that it is an IP firewall
> tool. You're one layer too low.
We already have filter rules to check if a packet would get bridged.
And none IP protocols like IPX get bridged depending on the default rule
of ipfw.
I don't think that ipfw stand for ip only anymore.
But I'm not shure if we still have the MAC address at this layer.
Unfortunately we can't use a fwd action for bridged packets ;(
Anyone with a good idea how to get missings parameters in the bridge
code for calling the firewall check code.
Is it OK to just get emtpy structures?
If I understood it right the bridge checks only at incoming time and
normaly fwd should be used for outgoing packets.
Will this be any big problem?
--
B.Walter COSMO-Project http://www.cosmo-project.de
[EMAIL PROTECTED] Usergroup [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message