Packet filtering on tap interfaces

2006-08-12 Thread mal content
Hello, this is a simplified re-phrasing of a question posted to [EMAIL PROTECTED] It didn't get any answers over there because I think people took one look at it and switched off. A cut down version follows... How does one do packet filtering on tap interfaces? I'm using qemu and I

Re: Packet filtering on tap interfaces

2006-08-12 Thread Max Laier
> How does one do packet filtering on tap interfaces? I'm using
> qemu and I'm going to be loading some untrusted OS images
> so I'd like complete filtering of packets to and from the qemu
> process.
>
> I was given a partial solution by somebody before, but I could

Re: Packet filtering on tap interfaces

2006-08-12 Thread mal content
On 12/08/06, Max Laier <[EMAIL PROTECTED]> wrote:
> This is because the packets never make it to the IP-Layer (where our packet filters normally hook into). You can try to use if_bridge(4) to bridge tap0 and fxp0. if_bridge(4) offers extensive means of packet filtering described in the man page

Re: Packet filtering on tap interfaces

2006-08-13 Thread Robert Watson
On Sat, 12 Aug 2006, mal content wrote:
> Can tap interfaces reliably be filtered?

Max has provided a detailed answer, but I wanted to answer a more general question here: a tap interface plugs into the normal kernel network interface and ethernet layers, and as such, packets sent and receive