Date: Thu, 14 Sep 2006 08:38:02 +0400 From: Eygene Ryabinkin <rea-fbsd@codelabs.ru> To: Andrew Thompson <thompsa@freebsd.org> Cc: freebsd-net@freebsd.org, Jon Otterholm <jon.otterholm@ide.resurscentrum.se> Subject: Re: Bridge Message-ID: <20060914043802.GZ1221@codelabs.ru> In-Reply-To: <20060914042010.GA35371@heff.fud.org.nz> References: <45084BBD.7090903@ide.resurscentrum.se> <20060914042010.GA35371@heff.fud.org.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
Andrew, good day!
> The check for ARP happens before the ipfw layer2 code so it isnt
> currently possible to filter them.
>
> switch (ether_type) {
> case ETHERTYPE_ARP:
> case ETHERTYPE_REVARP:
> return (0); /* Automatically pass */
I am a bit confused because in the another thread (also created by
Jon Otterholm) you've answered that
-----
The only way that you will be able to filter ARP packets is by setting
pfil_onlyip=0, ipfw=1 and use the IPFW layer2 filtering.
-----
citing the same code. Am I understand something incorrectly or these
two answers do contradict with each other?
--
Eygene
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060914043802.GZ1221>