Date:      Thu, 23 Jun 2005 00:47:44 +0300
From:      Alin-Adrian Anton <aanton@spintech.ro>
To:        freebsd-hackers@freebsd.org
Subject:   ipfw2 filtering on bridge
Message-ID:  <42B9DC80.9070207@spintech.ro>

Hi there,

	I've been running into some problems with what is supposed to be a 
filtering bridge with IPFW, on FreeBSD 5.4-REL0.

	IPFW has been compiled into kernel:

options         BRIDGE
options         IPFIREWALL
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPDIVERT

along with the bridging capability.


No other firewalling mechanisms are enabled.


The bridge is configured and working:

net.link.ether.bridge.enable=1
net.link.ether.bridge.config=fxp0,vr0
net.link.ether.bridge_ipfw=1

fxp0 is Internet
vr0 is a server with an external IP, called EXT_IP

I tried blocking with trivial ruleset:

00100    0      0 deny icmp from any to any
65535 8518 584248 allow ip from any to any

However, pinging through the bridge, from the Internet, works without fear:
64 bytes from EXT_IP: icmp_seq=0 ttl=233 time=85.994 ms
64 bytes from EXT_IP: icmp_seq=1 ttl=233 time=96.220 ms

If anyone could help me a bit, I'd be really thankful.

Thanks for the time.

Yours Sincerely,
-- 
Alin-Adrian Anton
GPG keyID 0x183087BA (B129 E8F4 7B34 15A9 0785  2F7C 5823 ABA0 1830 87BA)
gpg --keyserver pgp.mit.edu --recv-keys 0x183087BA

"It is dangerous to be right when the government is wrong." - Voltaire
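The ruleset listing in the post already carries the diagnostic clue: rule 00100 shows zero packets and zero bytes while the default rule 65535 has counted traffic, so the ICMP that crosses the bridge never reaches the deny rule at all. The script below is an added example (not from the post or from FreeBSD's own tools) that turns that reading of `ipfw show` counters into a check: it flags blocking rules with a zero packet count while the default rule has seen traffic. The input is a constructed string modelled on the listing above, so it runs offline; on a real host the same function would be fed the output of `ipfw -a list` or `ipfw show`.

```shell
#!/bin/sh
# Constructed sample of `ipfw show` output, modelled on the ruleset in the post:
# columns are rule number, packets, bytes, action, then the match body.
IPFW_SHOW_POST='00100    0      0 deny icmp from any to any
65535 8518 584248 allow ip from any to any'

# Constructed counter-example: the same ruleset after the deny rule has matched.
IPFW_SHOW_WORKING='00100   42   3528 deny icmp from any to any
65535 8518 584248 allow ip from any to any'

# unhit_block_rules LISTING
# Prints, space separated, the numbers of deny/drop/reset/unreach rules whose
# packet counter is zero while the default rule (65535) has counted packets.
# Prints nothing when every blocking rule has matched, or when no traffic has
# passed the firewall at all (then the counters cannot tell us anything yet).
unhit_block_rules() {
    printf '%s\n' "$1" | awk '
        # field 4 is the action; field 2 is the packet counter
        $4 ~ /^(deny|drop|reset|unreach)$/ && $2 == 0 { unhit = unhit " " $1 }
        $1 == 65535 { default_pkts = $2 }
        END { if (default_pkts > 0) print unhit }
    ' | sed 's/^ *//'
}

# Human-readable verdict for one listing; returns 0 if all blocking rules
# have matched at least once, 1 if some have never been reached.
check_listing() {
    unhit=$(unhit_block_rules "$1")
    if [ -n "$unhit" ]; then
        echo "WARNING: blocking rule(s) never matched while traffic flowed: $unhit"
        echo "         packets are bypassing these rules (e.g. bridged frames not"
        echo "         being handed to ipfw); do not trust the filter yet"
        return 1
    fi
    echo "OK: every blocking rule has matched traffic"
    return 0
}

# Stand-alone run over both constructed samples.
echo "== listing from the post =="
check_listing "$IPFW_SHOW_POST"
echo "== listing after the deny rule started matching =="
check_listing "$IPFW_SHOW_WORKING"
```

The point of checking counters rather than rule syntax is that a rule can be perfectly well formed and still never see the traffic it is meant to block; a zero counter next to a busy default rule is the signal that the packets are taking a path ipfw is not inspecting.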



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42B9DC80.9070207>