Date:      Sat, 31 Jan 2004 11:05:46 +0100
From:      Jeroen Ubbink <crasp@blackbyte.nl>
To:        David Malone <dwmalone@maths.tcd.ie>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: IPF, IPv6 and a bridge
Message-ID:  <20040131100546.GA51403@cartman.south-park>
In-Reply-To: <20040130134306.GA17621@walton.maths.tcd.ie>
References:  <20040130083808.GA60129@cartman.south-park> <20040130134306.GA17621@walton.maths.tcd.ie>

On Fri, Jan 30, 2004 at 01:43:06PM +0000, David Malone wrote:
> On Fri, Jan 30, 2004 at 09:38:08AM +0100, Jeroen Ubbink wrote:
> > ipfw doesn't seem to block router advertisements on a
> > bridge either. Is this just a problem with both those firewall tools or is
> > it a problem in FreeBSD?
> 
> Bridged packets are special and are not usually firewalled. I could be
> mistaken, but I don't think you can get ipf to filter bridged packets
> in 4.9. You could use ipfw2 to do it though:
> 
> 	sysctl net.link.ether.bridge_ipfw=1
> 	ipfw add deny layer2 mac-type ipv6 recv tun1

Thank you, this seems to do the trick, though I have mixed feelings about
ipf, since the ipf page (http://www.obfuscation.org/ipf/) describes in
chapter 9.2 of their "ipf HOWTO" that it IS possible to use ipf on
a bridge. Given that there is also net.link.ether.bridge_ipf, one would say
it should work, and it does up to a certain point. IPv6, however, seems
impossible to block with ipf. Anyway, it works now; that's all I care about
actually :)

> 
> (You'll need to turn on ipfw2 to do this - see the ipfw man page for
> details).
> 
> 	David.
> 

Kind regards,
Jeroen Ubbink
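
What the `layer2 mac-type ipv6` match in the rule quoted above selects, as an added example that is not part of the original thread: a Python model run over constructed frames, showing that the rule drops every IPv6 frame received on the interface, not only router advertisements. The function names are hypothetical, and the model assumes the match is a comparison of an untagged frame's EtherType with 0x86dd.

```python
import struct

ETHERTYPE_IPV4, ETHERTYPE_IPV6 = 0x0800, 0x86DD
IPPROTO_ICMPV6, ND_ROUTER_ADVERT = 58, 134
ETH_HLEN, IP6_HLEN = 14, 40

def ethertype(frame):
    """EtherType of an untagged Ethernet II frame, or None if truncated."""
    if len(frame) < ETH_HLEN:
        return None
    return struct.unpack("!H", frame[12:14])[0]

def matches_mac_type_ipv6(frame):
    """Model of the layer-2 match (assumed): EtherType equals 0x86dd."""
    return ethertype(frame) == ETHERTYPE_IPV6

def is_router_advert(frame):
    """Narrower test: ICMPv6 type 134 directly after the fixed IPv6 header.
    Assumption: no extension headers sit in front of the ICMPv6 header."""
    if not matches_mac_type_ipv6(frame) or len(frame) <= ETH_HLEN + IP6_HLEN:
        return False
    next_header = frame[ETH_HLEN + 6]
    return next_header == IPPROTO_ICMPV6 and frame[ETH_HLEN + IP6_HLEN] == ND_ROUTER_ADVERT

def eth(etype, payload):
    """Constructed frame: dummy MACs 33:33:00:00:00:01 <- 02:00:00:00:00:aa."""
    return bytes.fromhex("3333000000010200000000aa") + struct.pack("!H", etype) + payload

def ipv6(next_header, body):
    """Constructed 40-byte IPv6 header, fe80::1 -> ff02::1, then body."""
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")
    return struct.pack("!IHBB", 0x60000000, len(body), next_header, 255) + src + dst + body

# Constructed samples; ICMPv6 checksums are left at zero.
SAMPLES = {
    "router advertisement": eth(ETHERTYPE_IPV6, ipv6(IPPROTO_ICMPV6, bytes([ND_ROUTER_ADVERT]) + bytes(15))),
    "ICMPv6 echo request": eth(ETHERTYPE_IPV6, ipv6(IPPROTO_ICMPV6, bytes([128]) + bytes(7))),
    "IPv6 TCP segment": eth(ETHERTYPE_IPV6, ipv6(6, bytes(20))),
    "IPv4 packet": eth(ETHERTYPE_IPV4, bytes(20)),
    "truncated frame": bytes(10),
}

def classify(samples=SAMPLES):
    """Map each sample to (dropped by the EtherType rule, is a router advertisement)."""
    return {name: (matches_mac_type_ipv6(f), is_router_advert(f)) for name, f in samples.items()}

if __name__ == "__main__":
    for name, (dropped, ra) in classify().items():
        print(f"{name:22} dropped={dropped!s:5} router_advert={ra}")
```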