From owner-freebsd-ipfw@freebsd.org Fri Dec 1 13:04:38 2017 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8CA73DFFE61 for ; Fri, 1 Dec 2017 13:04:38 +0000 (UTC) (envelope-from reply@west-art.net) Received: from west-art.net (west-art.net [162.144.110.111]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6661F1177 for ; Fri, 1 Dec 2017 13:04:38 +0000 (UTC) (envelope-from reply@west-art.net) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=west-art.net; s=default; h=Content-Transfer-Encoding:Content-Type: MIME-Version:List-Unsubscribe:Message-ID:Subject:Reply-To:From:To:Date:Sender :Cc:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Subscribe:List-Post:List-Owner:List-Archive; bh=ALVM09CdQXwP2uraV9+A5ckfiIVm9KsAsVFuPYViPA0=; b=sLucuBttTEROJbRqABFuBcav+L PfeuVm4izzu890qWIHPvTd/QBPFyPOLdaZ+cK/P1AUPc2yJWLXtlpHFP2Sj0wvXE/7rPeomXBmEuB VSgHW0lwQoo1hU7rvQLrZwQTkxysM9S95zYtjqEkb40rwpMrk0FCba+rDuC3vnBUUduteh3dCxyUT ADhcIxw4x/5yHO+vG4cZJzAmq72eAE/ujwtJ4xrAKJ5uUr4NL/97fMdWjbOl0D342rU5PqubdBqEQ GMSKq8DTDOyoq3/kIRpotp3W3orK45M7MfQ/3eImHLce64GC7TO8+1NgECTmZPXJ2wxXZEwjiA2kH lSynAKNA==; Received: from westartn by server.west-art.net with local (Exim 4.89) (envelope-from ) id 1eKkzb-0007Ck-BM for freebsd-ipfw@freebsd.org; Fri, 01 Dec 2017 15:04:35 +0200 Date: Fri, 1 Dec 2017 13:04:14 +0000 To: freebsd-ipfw@freebsd.org From: Benefis Company Reply-To: reply@west-art.net Subject: Best Ballet Costume for Winter Performances! Message-ID: X-Mailer: Mailster 2.2.14 (5.2.22) X-Mailster: 0027c6cc9659e92b0df4ae67f73255f8 X-Mailster-Campaign: 121 X-Mailster-ID: 34695d011f7794251628561f772eda6d X-Message-ID: <5a21536351c87-0027c6cc9659e92b0df4ae67f73255f8-121-34695d011f7794251628561f772eda6d@massmail.benefistutu.com> MIME-Version: 1.0 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server.west-art.net X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [500 500] / [47 12] X-AntiAbuse: Sender Address Domain - west-art.net X-Get-Message-Sender-Via: server.west-art.net: authenticated_id: westartn/from_h X-Authenticated-Sender: server.west-art.net: reply@west-art.net X-Source: /usr/bin/php X-Source-Args: /usr/bin/php X-Source-Dir: west-art.net:/public_html/massmail Content-Type: text/plain; charset=us-ascii X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Dec 2017 13:04:38 -0000 [1] Winter Special Price! [2] This gorgeous Professional Stage Costume is just what you need for any show, audition, or performance. It is a perfect choice for the most renown ballets, such as Nutcracker, Sleeping Beauty and many more. Model: F 0001 Brand: Benefis Santa Claus [facebook] [3] [instagram] [4] [pinterest] [5] [twitter] [6] [linkedin] [7] [youtube] [8] [vkontakte] [9] Links: ------ [1] http://massmail.benefistutu.com/mailster/121/0027c6cc9659e92b0df4ae67f73255f8/aHR0cHM6Ly9iZW5lZmlzdHV0dS5jb20vaW5kZXgucGhwP3JvdXRlPXByb2R1Y3QvcHJvZHVjdCZhbXA7c2VhcmNoPWYlMjUyMDAwMDEmYW1wO3Byb2R1Y3RfaWQ9MTI2MA [2] http://massmail.benefistutu.com/mailster/121/0027c6cc9659e92b0df4ae67f73255f8/aHR0cHM6Ly9iZW5lZmlzdHV0dS5jb20vaW5kZXgucGhwP3JvdXRlPXByb2R1Y3QvcHJvZHVjdCZhbXA7c2VhcmNoPWYlMjUyMDAwMDEmYW1wO3Byb2R1Y3RfaWQ9MTI2MA/1 [3] http://massmail.benefistutu.com/mailster/121/0027c6cc9659e92b0df4ae67f73255f8/aHR0cHM6Ly93d3cuZmFjZWJvb2suY29tL0JlbmVmaXMtQmFsbGV0LUNvc3R1bWVzLTEyMTc2ODAzNDgzNzcxMS8 [4] http://massmail.benefistutu.com/mailster/121/0027c6cc9659e92b0df4ae67f73255f8/aHR0cHM6Ly93d3cuaW5zdGFncmFtLmNvbS90ZXJlbnRpZXZhOTgxNi8 [5] http://massmail.benefistutu.com/mailster/121/0027c6cc9659e92b0df4ae67f73255f8/aHR0cHM6Ly93d3cucGludGVyZXN0LmNvbS9iYmFsbGV0Y29zdHVtZXMv [6] http://massmail.benefistutu.com/mailster/121/0027c6cc9659e92b0df4ae67f73255f8/aHR0cHM6Ly90d2l0dGVyLmNvbS9iZW5lZmlzc2hvcA [7] http://massmail.benefistutu.com/mailster/121/0027c6cc9659e92b0df4ae67f73255f8/aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2luL2JlbmVmaXNzaG9wY29tLw [8] http://massmail.benefistutu.com/mailster/121/0027c6cc9659e92b0df4ae67f73255f8/aHR0cHM6Ly93d3cueW91dHViZS5jb20vdXNlci9CZW5lZmlzc2hvcA [9] http://massmail.benefistutu.com/mailster/121/0027c6cc9659e92b0df4ae67f73255f8/aHR0cHM6Ly92ay5jb20vaWQxNzgxNzY2OTg From owner-freebsd-ipfw@freebsd.org Fri Dec 1 17:52:00 2017 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 49783E6642D for ; Fri, 1 Dec 2017 17:52:00 +0000 (UTC) (envelope-from sandeepkiranp@gmail.com) Received: from mail-wm0-x242.google.com (mail-wm0-x242.google.com [IPv6:2a00:1450:400c:c09::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D2F226A2CC for ; Fri, 1 Dec 2017 17:51:59 +0000 (UTC) (envelope-from sandeepkiranp@gmail.com) Received: by mail-wm0-x242.google.com with SMTP id t8so4944795wmc.3 for ; Fri, 01 Dec 2017 09:51:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=PIULuwf6fSlS+cyOQh3kNyFFlCPNIJk8D/pivCneMQA=; b=ZYqc2YH8gtyN4OK9l+0Ud4osv/BOSz7z7sFj69tqcEnOn9WuZSEorkueXzB2t3ojHY 2mWjXwSPnAlJu+vtpz3CpcFf0pUyX1TDht2rEKYZYniTEXjOFTDNWV/UcI9KDoAaK1Gu 1DRIyyjEuh5o7Dy7aM7Owv9ydednFdd1Ko0BefztV19syF4HEPqo+KkjN5SAIij9tK+L jrvwqaG+93uNgSAE+y2KckkNJIcv3lpOVPXPVafkwJ1kJ6wdFSXgJq8onapWPv2HaMqE 2a4Z3WRXi8iPYcYjweT09u5saQvmRiCWrw+fpuxt+q7IfsBGV9K5oNSGzXcqpAOzzHxm AixQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=PIULuwf6fSlS+cyOQh3kNyFFlCPNIJk8D/pivCneMQA=; b=slRlNV8mN1bE+Djeni1i2tjSWyXKijD3ITh5tBKHrf3QO7bQ9FhKPGY2Ua4fgRRHTn 9zf4dXy07wFoqubk8Myy4TFKxB3x06I5fnlWXpt2fdSRsYYQbCRDTpUPKLJUiOgFzgGZ 37KQUbc/iiMVz/MAUvf05wdRGLOAIc84m+ue6fCtmPGDOZ3DyTw4t/wCSgMPN8gezQm+ uxw0oVoSrx42/xcS0R432gtX+rIA/jXi5RBu8JbGTLo7RKEFTDPpeNybUxGbCki44J9A PMHOqWqiJ1RbCKq/Uh2rUCEigPbe8s+6IOIaurFJOPZiB6j1L5KCQghG+3e4/fN6ypNL j9Kg== X-Gm-Message-State: AJaThX4Q0fyS09ms8AU11fNHWvHrLA67q6ynuwGj9/fes8XHRsCoY6Eu Zo6UiK4DM8nSZJwN9PggERtpROKFhFPI2d6mSnPZIQ== X-Google-Smtp-Source: AGs4zMYbxNBUrq7w+oTn0QmU/Edxsi/r99j4565eVNBV96eD5rt3eS4oDSNk/GCBo4Iu+zdmdDlfYqe7OUxqoYYkXsE= X-Received: by 10.80.134.197 with SMTP id 5mr19170207edu.129.1512150718178; Fri, 01 Dec 2017 09:51:58 -0800 (PST) MIME-Version: 1.0 Received: by 10.80.135.78 with HTTP; Fri, 1 Dec 2017 09:51:57 -0800 (PST) From: sandeep kiran p Date: Fri, 1 Dec 2017 23:21:57 +0530 Message-ID: Subject: ipfw layer2 filtering with bridged traffic To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Dec 2017 17:52:00 -0000 Hi, We are running our applicaiton on FreeBSD 10.1. We have a bridge with two interfaces attached and we are enabling packet filtering using ipfw (net.link.bridge.ipfw=1). Somehow the IPFW rules that I create for bridged (layer2) packets never seem to match. To see if IPFW sees any of the bridged packets, I added a rule right at the beginning of the rules, "ipfw add 5 count log ip from any to any layer2". But I dont see the count increasing for this rule even though I see packets on the bridge. Only when I enable net.link.ether.ipfw, I see the proper layer2 rules being hit. I cant enable ether.ipfw on the system for some other limitation. When I looked at the code, in file sys/netpfil/ipfw/ip_fw_pfil.c, I see the following lines. else if (V_fwlink_enable && ipfw_hook(1, AF_LINK) != 0) { error = ENOENT; printf("ipfw_link_hook() error\n"); } where V_fwlink_enable points to the net.link.ether.ipfw flag. The above code means that ipfw is hooked only if ether.ipfw flag is enabled. If my understanding is correct, net.link.bridge.ipfw does not enable ipfw filter to be hooked for layer2 data. Please correct me if I am wrong. Is this an open issue or has it been corrected in later releases? As a fix, I am thinking of modifying the above code to also include bridge.ipfw flag. Something like else if ((V_fwlink_enable || V_fwbridge_enable) && ipfw_hook(1, AF_LINK) != 0) { error = ENOENT; printf("ipfw_link_hook() error\n"); } where v_fwbridge_enable will be enabled when net.link.bridge.ipfw is set. Thanks Sandeep