On Sat, 3 Feb 2001, Rich Wales wrote:

> Earlier, I reported an ARP problem on a 4.2-STABLE bridge system.
> 
> A few people wrote me privately, advising me to include a firewall rule
> passing UDP packets on port 2054 to/from the IP address 0.0.0.0.
> 
> I've tried this, but it doesn't help any.  I should mention, though,
> that I don't think this firewall rule is relevant in any case.
> 
> First, the "port 2054" kludge doesn't appear to be in the networking
> code any more.  I grep'ed the entire -STABLE base source for any
> references to UDP port 2054, and I found nothing at all except for the
> commented-out line in the etc/rc.firewall file.  As far as I'm aware,
> bridging of non-IP packets is now controlled by the kernel's default
> "ipfw" rule -- and, yes, I do have the options IPFIREWALL and
> IPFIREWALL_DEFAULT_TO_ACCEPT in my configuration.

There used to be a kludge that mapped the ether_header.ether_type field of
non-IP packets into the UDP port number for the purposes of certain IPFW
rules when bridging.  This was pretty awful.  :-)  That kludge was
removed, and the BRIDGE code now simply forwards all non-IP packets,
including ARP, and does not pass them through IPFW when IPFW is enabled,
making them follow the equivalent of a default pass rule.  This is a
kludge that I am glad to see go: I can certainly imagine the desire to
support non-IP filtering in a bridge, but IPFW was not the right vehicle
for that.  I believe the removal of the kludge occurred along with
Archie's other fixups around Jun 21, 2000, which was certainly prior to
4.2-RELEASE.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
[EMAIL PROTECTED]      NAI Labs, Safeport Network Services
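The two behaviours discussed in this thread, the removed ether_type-to-UDP-port kludge and the current "non-IP frames bypass IPFW" bridge path, modelled in a small Python frame classifier. This is an added illustration, not code from the thread or from the FreeBSD bridge or IPFW sources. It assumes the old kludge used the raw ether_type value as the pseudo UDP port (which is why ARP, ether_type 0x0806, shows up as "port 2054"), and it reduces the bridge's filter decision to a two-way choice that ignores details such as VLAN tags. The sample frames are constructed.

```python
import struct
from typing import Optional

ETHERTYPE_IP = 0x0800
ETHERTYPE_ARP = 0x0806  # 0x0806 == 2054 decimal: the "UDP port 2054" of the old kludge

ETHER_HDR_LEN = 14


def parse_ether_header(frame: bytes) -> dict:
    """Parse an Ethernet II header: 6-byte dst, 6-byte src, 2-byte ether_type."""
    if len(frame) < ETHER_HDR_LEN:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ether_type = struct.unpack("!6s6sH", frame[:ETHER_HDR_LEN])
    return {"dst": dst.hex(":"), "src": src.hex(":"), "ether_type": ether_type}


def legacy_pseudo_port(ether_type: int) -> Optional[int]:
    """Model of the removed kludge (assumption: ether_type reused verbatim as a UDP port).

    IP frames were filtered normally, so they get no pseudo port; every other
    ether_type was exposed to IPFW as if it were a UDP port of that number.
    """
    if ether_type == ETHERTYPE_IP:
        return None
    return ether_type


def bridge_filter_path(frame: bytes, ipfw_enabled: bool = True) -> str:
    """Current behaviour per the thread: only IP frames are handed to IPFW.

    Returns "ipfw" when the frame would be inspected by the firewall and
    "forward" when the bridge passes it through unfiltered.
    """
    hdr = parse_ether_header(frame)
    if hdr["ether_type"] == ETHERTYPE_IP and ipfw_enabled:
        return "ipfw"
    # Non-IP frames (ARP included) never reach IPFW on the bridge path,
    # which is why a "port 2054" rule cannot influence ARP any more.
    return "forward"


def summarize(frames) -> dict:
    """Count how many frames in a capture would be filtered vs. forwarded blindly."""
    counts = {"ipfw": 0, "forward": 0}
    for frame in frames:
        counts[bridge_filter_path(frame)] += 1
    return counts


# Constructed sample frames (not real captures): header bytes plus zero padding.
ARP_REQUEST = bytes.fromhex("ffffffffffff" "001122334455" "0806") + bytes(28)
IPV4_FRAME = bytes.fromhex("001122334455" "66778899aabb" "0800") + bytes(20)

if __name__ == "__main__":
    for name, frame in (("ARP", ARP_REQUEST), ("IPv4", IPV4_FRAME)):
        hdr = parse_ether_header(frame)
        print(name, hex(hdr["ether_type"]),
              "legacy pseudo port:", legacy_pseudo_port(hdr["ether_type"]),
              "bridge path:", bridge_filter_path(frame))
    print(summarize([ARP_REQUEST, IPV4_FRAME, ARP_REQUEST]))
```

Running it shows the ARP frame mapping to pseudo port 2054 under the old scheme and taking the unfiltered "forward" path under the current one, while the IPv4 frame is the only one IPFW ever sees. For an operator this is the practical takeaway of the thread: on a 4.2 bridge, ARP and other non-IP traffic must be controlled somewhere other than IPFW.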
