Andrew Thompson wrote:
On Thu, Sep 14, 2006 at 04:23:07PM +0200, Jon Otterholm wrote:
Andrew Thompson wrote:
On Thu, Sep 14, 2006 at 10:30:21AM +0200, Jon Otterholm wrote:
Andrew Thompson wrote:
On Wed, Sep 13, 2006 at 08:19:41PM +0200, Jon Otterholm wrote:
>From man if_bridge:
ARP and REVARP packets are forwarded without being filtered and
others
that are not IP nor IPv6 packets are not forwarded when pfil_onlyip
is
enabled. IPFW can filter Ethernet types using mac-type so all
packets
are passed to the filter for processing.
ARP is still forwarded though I have the following config:
The check for ARP happens before the ipfw layer2 code so it isnt
currently possible to filter them.
What impact would it have to others using bridge? Could it be made in
combination with a sysctl that must be enabled? I can onley speak for me
an my needs - I would like this to be committed.
You can try the patch I sent in a later email, it should work fine.
Andrew
Do I have to go to -current for version 1.79 of if_bridge.c?
No, the patch will apply fine to RELENG_6 too.
Andrew
It works fine. Thanks for all the help (let me know if you are in town
(Ljungby-Sweden) and I will buy you lunch :-)).
I hope to put this in production soon - will this patch work on future
releases? How about committing this?
/Jon
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
