> On Wed, May 29, 2002 at 09:35:12AM -0700, Albuquerque, Marcelo M wrote:
> > Thanks Luigi.
> >
> > > xmit cannot match on bridged packets
> >
> > Is it a hard problem to make xmit compatible with bridged packets or is it
>
> in the place the ipfw filter are in the bridging code, the info
> on the output interface is still not available, this is why xmit
> does not match.

Is there a place downstream where we could insert a check and match the
output interface?

> > just that no one had the need yet to implement the changes? Is there any way
> > around this limitation that would allow us to achieve the same goal?
>
> which is what ? you do not want to bridge between fxp0 and fxp1 ?

We do want to bridge packets from fxp0 to fxp1 and at the same time have the
firewall filter match both incoming and outgoing interfaces.

> luigi
>
> > > xmit cannot match on bridged packets
> > >
> > > luigi
> > >
> > > Here is the setup:
> > >
> > >                  ___________________
> > >                 |                   |
> > > 192.168.1.1 --- |FreeBSD 4.5 Bridge | --- 192.168.1.2
> > >                 |___________________|
> > >                           |
> > >                           |
> > >                      192.168.1.3
> > >
> > > This works:
> > > ipfw add 100 deny ip from any to any in recv fxp0
> > >
> > > This doesn't:
> > > ipfw add 100 deny ip from any to any out xmit fxp1
> > >
> > > What I really want, but fear is not supported, is:
> > > ipfw add 100 deny ip from any to any out recv fxp0 xmit fxp1
> > >
> > > That is, I want to block traffic coming in from fxp0 and going out
> > > fxp1, in bridged mode.
> > >
> > > Anyone know if this is possible?
> > >
> > > To Unsubscribe: send mail to [EMAIL PROTECTED]
> > > with "unsubscribe freebsd-net" in the body of the message
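
Added example, not part of the thread and not code from ipfw or its authors: a small lint pass that flags `ipfw add` rules whose `xmit` match names a bridged interface, since the thread states that xmit cannot match on bridged packets. The function names, the rule numbers 200-500, the interface fxp2 and the "fail-open" / "never-matches" labels are assumptions made for this illustration.

```python
# Assumption taken from the thread: on a bridge, a rule that matches on
# `xmit <iface>` never matches bridged packets, so a deny rule written that
# way silently lets the traffic through.
DENY_ACTIONS = {"deny", "drop", "reject", "reset", "unreach"}

def parse_rule(line):
    """Return (number, action, {'recv': iface, 'xmit': iface}) for one rule line."""
    tok = line.split("#", 1)[0].split()          # drop trailing comments
    for prefix in ("ipfw", "add"):
        if tok[:1] == [prefix]:
            tok = tok[1:]
    number = int(tok.pop(0)) if tok and tok[0].isdigit() else None
    action = tok[0] if tok else None
    ifaces = {}
    for i, word in enumerate(tok[:-1]):
        if word in ("recv", "xmit"):
            ifaces[word] = tok[i + 1]
    return number, action, ifaces

def lint(rules, bridged):
    """List (rule number, xmit iface, impact) for rules that cannot match on the bridge."""
    findings = []
    for line in rules:
        number, action, ifaces = parse_rule(line)
        if action is None or ifaces.get("xmit") not in bridged:
            continue
        # A deny that never matches leaves the traffic forwarded.
        impact = "fail-open" if action in DENY_ACTIONS else "never-matches"
        findings.append((number, ifaces["xmit"], impact))
    return findings

# Constructed sample: the three rules from the thread (renumbered) plus two more.
SAMPLE_RULES = [
    "ipfw add 100 deny ip from any to any in recv fxp0",
    "ipfw add 200 deny ip from any to any out xmit fxp1",
    "ipfw add 300 deny ip from any to any out recv fxp0 xmit fxp1",
    "ipfw add 400 allow ip from any to any out xmit fxp1",
    "ipfw add 500 deny ip from any to any out xmit fxp2  # not a bridge member",
]

if __name__ == "__main__":
    for number, iface, impact in lint(SAMPLE_RULES, {"fxp0", "fxp1"}):
        print(f"rule {number}: xmit {iface} on a bridged interface ({impact})")
```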