> On 15 Jun 2016, at 14:04, Dr Josef Karthauser <j...@truespeed.com> wrote:
>
> I don’t have IP forwarding switched on and so I’d expect bridged packets to
> carry on being bridged irrespective of whether vlan9 has an IP address or not.
>
> What’s strange is that ingress packets to the bridge are being forwarded ok,
> but egress packets out onto the vlan are being filtered.
>
> Is there something obvious that I’ve missed?
>
> Cheers,
> Joe

Ok, I’ve narrowed the problem down. It’s related to the anti-spoofing ruleset.

I’ve also got this in my ruleset:

    deny log ip from any to any not antispoof in

What’s strange is that when vlan9 has an IP address this rule starts triggering for interfaces that it didn’t before:

    Jun 15 14:19:39 kernel: ipfw: 10000 Deny UDP 192.168.9.3:67 255.255.255.255:68 in via vnet0:13
    Jun 15 14:19:39 kernel: ipfw: 10000 Deny UDP 192.168.9.3:67 255.255.255.255:68 in via bridge9
    Jun 15 14:19:39 kernel: ipfw: 10000 Deny UDP 192.168.9.3:67 255.255.255.255:68 in via vnet0:13

Without the IP address I don’t get any of these logged and no packets are filtered.

Why would anti-spoof filtering filter traffic on interfaces without IP addresses assigned when vlan9 is given an interface? I might expect that behaviour on the vlan, but not the other bridged interfaces.

Is this a “feature”?

Joe
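
The following is an added example, not part of the original message or of ipfw itself: a small Python model of the antispoof option as ipfw(8) documents it (an incoming packet whose source lies on a directly connected network matches only if it arrived on the interface that network is attached to), run over the three log lines quoted above. The vlan9 address 192.168.9.1/24 and the function names are assumptions made for illustration; the message does not give the address.

```python
import ipaddress
import re

# Log lines quoted in the message above.
LOG = """\
Jun 15 14:19:39 kernel: ipfw: 10000 Deny UDP 192.168.9.3:67 255.255.255.255:68 in via vnet0:13
Jun 15 14:19:39 kernel: ipfw: 10000 Deny UDP 192.168.9.3:67 255.255.255.255:68 in via bridge9
Jun 15 14:19:39 kernel: ipfw: 10000 Deny UDP 192.168.9.3:67 255.255.255.255:68 in via vnet0:13
"""

LINE = re.compile(r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
                  r"(?P<src>[\d.]+):\d+ (?P<dst>[\d.]+):\d+ "
                  r"(?P<dir>in|out) via (?P<ifname>\S+)")

def parse(log):
    """Return one dict per ipfw log line (rule, action, src, dir, ifname, ...)."""
    return [m.groupdict() for m in map(LINE.search, log.splitlines()) if m]

def antispoof(src, direction, recv_if, connected):
    """Simplified model of 'antispoof' per its ipfw(8) description.

    connected maps interface name -> directly connected network (CIDR).
    """
    if direction == "out":
        return True                       # all outgoing packets match
    addr = ipaddress.ip_address(src)
    for ifname, cidr in connected.items():
        if addr in ipaddress.ip_network(cidr, strict=False):
            return ifname == recv_if      # must arrive on the connected interface
    return True                           # source not directly connected: matches

def denied(log, connected):
    """Interfaces on which 'deny ... not antispoof in' would fire."""
    return [p["ifname"] for p in parse(log)
            if p["dir"] == "in"
            and not antispoof(p["src"], p["dir"], p["ifname"], connected)]

# Assumed (constructed) address for vlan9; not given in the message.
WITH_ADDR = {"vlan9": "192.168.9.1/24"}
NO_ADDR = {}

if __name__ == "__main__":
    print("vlan9 addressed:  ", denied(LOG, WITH_ADDR))
    print("vlan9 unaddressed:", denied(LOG, NO_ADDR))
```

Under that assumed address the model denies the packets seen on vnet0:13 and bridge9, and with no address on vlan9 it denies none, which is the pattern the message reports.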