Date:      Mon, 13 Nov 2006 13:47:31 +0200
From:      Gleb Kurtsou <k-gleb@yandex.ru>
To:        Andrew Thompson <andy@fud.org.nz>, net@freebsd.org
Subject:   macfw -- layer2 firewall
Message-ID:  <20061113114731.GA1620@h1.d>
In-Reply-To: <20061110232108.GA65230@heff.fud.org.nz>
References:  <200611090632.kA96Wd5Q098835@repoman.freebsd.org> <20061109200037.GA1398@h1.d> <20061109203858.GB60329@heff.fud.org.nz> <20061110200328.GA6904@h1.d> <20061110232108.GA65230@heff.fud.org.nz>



On (11/11/2006 12:21), Andrew Thompson wrote:
> On Fri, Nov 10, 2006 at 10:03:28PM +0200, Gleb Kurtsou wrote:
> > On (10/11/2006 09:38), Andrew Thompson wrote:
> > > On Thu, Nov 09, 2006 at 10:00:37PM +0200, Gleb Kurtsou wrote:
> > > > On (09/11/2006 06:32), Andrew Thompson wrote:
> > > > > thompsa     2006-11-09 06:32:39 UTC
> > > > > 
> > > > >   FreeBSD src repository
> > > > > 
> > > > >   Modified files:
> > > > >     sbin/ifconfig        ifbridge.c ifconfig.8 
> > > > >     sys/net              if_bridge.c if_bridgevar.h 
> > > > >   Log:
> > > > >   Add a new address cache type called sticky. On an interface marked sticky any
> > > > >   address learned by the bridge is made permanent, the address will not age out
> > > > >   and most importantly will not migrate to another interface.
> > > > >   
> > > > >   This can be used to stop mac address poisoning or clients roaming in much the
> > > > >   same way as static entries without the hassle of preloading the table.
> > > > 
> > > > I have some sort of MAC firewall. It's tested and seems to work reliably
> > > > but it's mostly a hack. It adds mtag with source MAC to mbufs and filters
> > > > according to them. If you are interested in reviewing and possibly
> > > > committing it, I'll be glad to send you sources.
> > > 
> > > Sure, send me the sources and I will have a look.
> > 
> > Didn't test it on -CURRENT.
> > 
> 
> It looks like a good piece of work. You should post it to the net@
> mailing list for comments, there has been some discussion lately about
> layer2 firewalls. I will try it out as time permits.
> 
> 
> cheers,
> Andrew
> 

In case somebody is interested..





