On Fri, Jan 30, 2004 at 01:43:06PM +0000, David Malone wrote: > On Fri, Jan 30, 2004 at 09:38:08AM +0100, Jeroen Ubbink wrote: > > ipfw doesn't seem to block router advertisements on a > > bridge either. Is this just a problem with both those firewall tools or is > > it a problem in FreeBSD? > > Bridged packets are special and are not usually firewalled. I could be > mistaken, but I don't think you can get ipf to filter bridged packets > in 4.9. You could use ipfw2 to do it though: > > sysctl net.link.ether.bridge_ipfw=1 > ipfw add deny layer2 mac-type ipv6 recv tun1
Thank you, this seems to do the trick, though i have a mixed feeling about ipf, since the ipf page (http://www.obfuscation.org/ipf/) describes in their in there "ipf HOWTO" in chapter 9.2 that it IS possible to use ipf on a bridge. Given that there is also net.link.ether.brigde_ipf one would say it should work, and it does till a certain point. IPv6 however seems impossible to block with ipf. Anyway, it works now, that's all i care about actually :) > > (You'll need to turn on ipfw2 to do this - see the ipfw man page for > details). > > David. > Kind regards, Jeroen Ubbink _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
