On Wed, Apr 11, 2007 at 08:47:21AM -0700, Julian Elischer wrote:

> the MAC or layer2 commands are only useful if you are calling the
> firewall from the NIC layer..
> have you turned on the layer 2 entrypoints?
>
> sysctl net.link.ether.{something} (I forget exactly)

It's net.link.ether.ipfw, and yes, I turned this on, or else rule 40
wouldn't match a packet but it does as I noted:

> >ipfw add 40 allow ip from any to any layer2
> >ipfw add 50 count log ip from any to any tagged 1
> >
> >I hoped that rule 30 would tag all broadcasts with tag 1 during layer2
> >filtering pass and it'd keep its tag during layer3 filtering but it seems
> >it doesn't. If I send a broadcast with ping <IP-broadcast>
> >I see that rules 30 and 40 match this outgoing broadcast
> >but rule 50 does not.

Eugene
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"