Date: Sat, 12 Aug 2006 22:12:04 +0100
From: "mal content" <artifact.one@googlemail.com>
To: "Max Laier" <max@love2party.net>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Packet filtering on tap interfaces
Message-ID: <8e96a0b90608121412u50d9add8g8e3573990134ae2c@mail.gmail.com>
In-Reply-To: <200608121935.33395.max@love2party.net>
References: <8e96a0b90608120936q67a5365vcc97217b44a272c0@mail.gmail.com> <200608121935.33395.max@love2party.net>

On 12/08/06, Max Laier <max@love2party.net> wrote:
>
> This is because the packets never make it to the IP-Layer (where our
> packet filters normally hook into). You can try to use if_bridge(4) to
> bridge tap0 and fxp0. if_bridge(4) offers extensive means of packet
> filtering described in the man page in great detail.
>

Ah, thanks, I didn't know that existed (and I've even got the kernel
module loaded for some reason).

If I'm understanding that manual page correctly, I would put pf rules on
'bridge0', yes?

MC