Date: Fri, 15 Sep 2006 19:48:57 +0200
From: Jon Otterholm <jon.otterholm@ide.resurscentrum.se>
To: Andrew Thompson <andy@fud.org.nz>, freebsd-net@freebsd.org
Subject: Re: Bridge
Message-ID: <450AE789.5020402@ide.resurscentrum.se>
In-Reply-To: <20060914192045.GA37784@heff.fud.org.nz>
References: <45084BBD.7090903@ide.resurscentrum.se>
 <20060914042010.GA35371@heff.fud.org.nz>
 <4509131D.8090900@ide.resurscentrum.se>
 <20060914083612.GD35371@heff.fud.org.nz>
 <450965CB.6050904@ide.resurscentrum.se>
 <20060914192045.GA37784@heff.fud.org.nz>

Andrew Thompson wrote:
> On Thu, Sep 14, 2006 at 04:23:07PM +0200, Jon Otterholm wrote:
>
>> Andrew Thompson wrote:
>>
>>> On Thu, Sep 14, 2006 at 10:30:21AM +0200, Jon Otterholm wrote:
>>>
>>>> Andrew Thompson wrote:
>>>>
>>>>> On Wed, Sep 13, 2006 at 08:19:41PM +0200, Jon Otterholm wrote:
>>>>> >From man if_bridge:
>>>>>
>>>>>> ARP and REVARP packets are forwarded without being filtered and
>>>>>> others that are not IP nor IPv6 packets are not forwarded when
>>>>>> pfil_onlyip is enabled. IPFW can filter Ethernet types using
>>>>>> mac-type so all packets are passed to the filter for processing.
>>>>>>
>>>>>> ARP is still forwarded though I have the following config:
>>>>>>
>>>>> The check for ARP happens before the ipfw layer2 code so it isn't
>>>>> currently possible to filter them.
>>>>>
>>>> What impact would it have to others using bridge? Could it be made in
>>>> combination with a sysctl that must be enabled? I can only speak for me
>>>> and my needs - I would like this to be committed.
>>>>
>>> You can try the patch I sent in a later email, it should work fine.
>>>
>>>
>>> Andrew
>>>
>> Do I have to go to -current for version 1.79 of if_bridge.c?
>>
>
> No, the patch will apply fine to RELENG_6 too.
>
>
> Andrew
>
It works fine. Thanks for all the help (let me know if you are in town
(Ljungby-Sweden) and I will buy you lunch :-)).

I hope to put this in production soon - will this patch work on future
releases? How about committing this?

/Jon