From: Eygene Ryabinkin
To: Andrew Thompson
Cc: freebsd-net@freebsd.org, Jon Otterholm
Date: Thu, 14 Sep 2006 08:38:02 +0400
Subject: Re: Bridge
Message-ID: <20060914043802.GZ1221@codelabs.ru>
In-Reply-To: <20060914042010.GA35371@heff.fud.org.nz>
References: <45084BBD.7090903@ide.resurscentrum.se> <20060914042010.GA35371@heff.fud.org.nz>

Andrew, good day!

> The check for ARP happens before the ipfw layer2 code so it isn't
> currently possible to filter them.
>
>         switch (ether_type) {
>         case ETHERTYPE_ARP:
>         case ETHERTYPE_REVARP:
>                 return (0); /* Automatically pass */

I am a bit confused because in another thread (also created by
Jon Otterholm) you've answered that
-----
The only way that you will be able to filter ARP packets is by setting
pfil_onlyip=0, ipfw=1 and use the IPFW layer2 filtering.
-----
citing the same code. Am I misunderstanding something, or do these two
answers contradict each other?
-- 
Eygene