14.12.25 17:20, Dries Michiels:
Hi IPFW mailing list,
I was wondering if it's possible to filter transit traffic between
two VLAN interfaces with ipfw using interface names (not subnets).
Right now I see traffic like this on a certain subnet, VLAN 214. Let's
say I have another interface, VLAN 1, and I want to deny traffic from
VLAN 214 to VLAN 1:
[attachment: image.png]
I was thinking that "add 1212 deny ip from any to any in via bridge214
out via bridge1" would work, but it doesn't.
Any thoughts or how to achieve this in the best way? This machine is
also the router.
Regards
Dries
Hello Dries,
Use "recv" and "xmit" like "add 1212 deny out recv bridge214 xmit bridge1".
"in/out" means where you are filtering the packet like input/output
chains in linux iptables. Together they will never select a packet as
far as I understand it.
You want to filter the packet after the routing decision is made, so this is
"out"; then add a selector for the interface that received the packet
("recv bridge214") and the interface that is going to transmit it ("xmit bridge1").
--
Eugene Perevyazko,
Dnepronet Ltd.
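To make the point about "in"/"out" concrete, here is an added, simplified model of how ipfw evaluates a forwarded packet twice (once at input, once at output); it is illustrative code written for this thread, not ipfw's own matching code, and it assumes the receive interface is still known in the output pass while the transmit interface is unknown in the input pass.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Evaluation:
    """One ipfw pass over a packet: "in" at the receiving interface, "out" after routing."""
    direction: str            # "in" or "out"
    recv: str                 # interface the packet arrived on (known in both passes)
    xmit: Optional[str]       # interface it leaves on; only known in the "out" pass


@dataclass(frozen=True)
class Rule:
    """Interface selectors of a rule; empty/None means "not specified" (matches anything)."""
    directions: FrozenSet[str] = frozenset()   # every "in"/"out" keyword written in the rule
    recv: Optional[str] = None
    xmit: Optional[str] = None
    via: Tuple[str, ...] = ()                  # each "via X" matches X as recv or xmit


def matches(rule: Rule, ev: Evaluation) -> bool:
    """True if this single pass satisfies every selector of the rule."""
    # A pass has exactly one direction, so a rule naming both "in" and "out"
    # can never be satisfied in any pass.
    if any(d != ev.direction for d in rule.directions):
        return False
    if rule.recv is not None and rule.recv != ev.recv:
        return False
    if rule.xmit is not None and rule.xmit != ev.xmit:
        return False
    return all(iface in (ev.recv, ev.xmit) for iface in rule.via)


def forwarded_packet_passes(recv_if: str, xmit_if: str):
    """The two evaluations a routed (transit) packet goes through."""
    return [Evaluation("in", recv_if, None), Evaluation("out", recv_if, xmit_if)]


def rule_hits(rule: Rule, recv_if: str, xmit_if: str):
    """Directions of the passes in which the rule selects a packet routed recv_if -> xmit_if."""
    return [ev.direction for ev in forwarded_packet_passes(recv_if, xmit_if) if matches(rule, ev)]


# Rule from the question: "deny ip from any to any in via bridge214 out via bridge1"
ORIGINAL_RULE = Rule(directions=frozenset({"in", "out"}), via=("bridge214", "bridge1"))
# Rule from the reply: "deny out recv bridge214 xmit bridge1"
CORRECTED_RULE = Rule(directions=frozenset({"out"}), recv="bridge214", xmit="bridge1")

if __name__ == "__main__":
    print("original rule hits:", rule_hits(ORIGINAL_RULE, "bridge214", "bridge1"))    # []
    print("corrected rule hits:", rule_hits(CORRECTED_RULE, "bridge214", "bridge1"))  # ['out']
```

The original rule never fires because neither pass is both "in" and "out"; the corrected rule fires only in the output pass, and only for the bridge214 to bridge1 direction, not the reverse.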