On Wed, May 29, 2002 at 09:35:12AM -0700, Albuquerque, Marcelo M wrote:
> Thanks Luigi.
>
> > xmit cannot match on bridged packets
>
> Is it a hard problem to make xmit compatible with bridged packets or is it

in the place where the ipfw filter is in the bridging code, the info
on the output interface is still not available, this is why
xmit does not match.

> just that no one had the need yet to implement the changes? Is there any way
> around this limitation that would allow us to achieve the same goal?

which is what? you do not want to bridge between fxp0 and fxp1?

	luigi

> > xmit cannot match on bridged packets
> >
> > 	luigi
> >
> > > Here is the setup:
> > >
> > >                  ___________________
> > >                 |                   |
> > > 192.168.1.1 --- |FreeBSD 4.5 Bridge | --- 192.168.1.2
> > >                 |___________________|
> > >                           |
> > >                           |
> > >                      192.168.1.3
> > >
> > >
> > > This works:
> > > ipfw add 100 deny ip from any to any in recv fxp0
> > >
> > > This doesn't:
> > > ipfw add 100 deny ip from any to any out xmit fxp1
> > >
> > > What I really want, but fear is not supported, is:
> > > ipfw add 100 deny ip from any to any out recv fxp0 xmit fxp1
> > >
> > > That is, I want to block traffic coming in from fxp0 and going out
> > > fxp1, in bridged mode.
> > >
> > > Anyone know if this is possible?
> > >
> > >
> > > To Unsubscribe: send mail to [EMAIL PROTECTED]
> > > with "unsubscribe freebsd-net" in the body of the message