Hi there,
I've been running into some problems with what is supposed to be a
filtering bridge with IPFW, on FreeBSD 5.4-REL0.
IPFW has been compiled into the kernel:

    options BRIDGE
    options IPFIREWALL
    options IPFIREWALL_DEFAULT_TO_ACCEPT
    options IPDIVERT

along with the bridging capability.
No other firewalling mechanisms are enabled.

The bridge is configured and working:

    net.link.ether.bridge.enable=1
    net.link.ether.bridge.config=fxp0,vr0
    net.link.ether.bridge_ipfw=1

fxp0 is Internet
vr0 is a server with an external IP, called EXT_IP

I tried blocking with a trivial ruleset:

    00100 0 0 deny icmp from any to any
    65535 8518 584248 allow ip from any to any

However, pinging through the bridge, from the Internet, works without fear:

    64 bytes from EXT_IP: icmp_seq=0 ttl=233 time=85.994 ms
    64 bytes from EXT_IP: icmp_seq=1 ttl=233 time=96.220 ms

If anyone could help me a bit, I'd be really thankful.
Thanks for the time.
Yours Sincerely,
--
Alin-Adrian Anton
GPG keyID 0x183087BA (B129 E8F4 7B34 15A9 0785 2F7C 5823 ABA0 1830 87BA)
gpg --keyserver pgp.mit.edu --recv-keys 0x183087BA
"It is dangerous to be right when the government is wrong." - Voltaire
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers