From owner-freebsd-net@FreeBSD.ORG  Wed Aug 29 09:16:21 2012
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 5189C106564A
	for <freebsd-net@FreeBSD.org>; Wed, 29 Aug 2012 09:16:21 +0000 (UTC)
	(envelope-from lev@FreeBSD.org)
Received: from onlyone.friendlyhosting.spb.ru (onlyone.friendlyhosting.spb.ru
	[46.4.40.135]) by mx1.freebsd.org (Postfix) with ESMTP id 105458FC16
	for <freebsd-net@FreeBSD.org>; Wed, 29 Aug 2012 09:16:20 +0000 (UTC)
Received: from lion.home.serebryakov.spb.ru (unknown
	[IPv6:2001:470:923f:1:b893:d73f:3750:2064])
	(Authenticated sender: lev@serebryakov.spb.ru)
	by onlyone.friendlyhosting.spb.ru (Postfix) with ESMTPA id DA4A74AC2D
	for <freebsd-net@FreeBSD.org>; Wed, 29 Aug 2012 13:16:13 +0400 (MSK)
Date: Wed, 29 Aug 2012 13:16:10 +0400
From: Lev Serebryakov <lev@FreeBSD.org>
Organization: FreeBSD
X-Priority: 3 (Normal)
Message-ID: <1865271844.20120829131610@serebryakov.spb.ru>
To: freebsd-net@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: 
Subject: ipfw, "ip|all" proto and PPPoE -- does PPPoE packets passed to ipfw?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: lev@FreeBSD.org
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Aug 2012 09:16:21 -0000

Hello, Freebsd-net.

  I have interface (vr1), most of traffic on which is PPPoE. I have ipfw
firewall, which splits traffic by interfaces via:

add 2000 skipto  5000 all  from any to any via em0
add 2010 skipto  7000 all  from any to any via wlan0
add 2020 skipto 11000 all  from any to any via vr1
add 2030 skipto 13000 all  from any to any via ng0
add 2040 skipto 15000 ipv6 from any to any via gif0
add 2999 deny all from any to any
...
And later here are some basic checks, nat, "check-state" and some
stateful rules.

  Does PPPoE packets match rule 2020, and other rules like "nat 1 ip
from any to any"?

   ipfw(8) says, that "all" is synonym to "ip" but means "Matches any
 packet.". Does it mean really _any_ packer and all PPPoE traffic goes
 through NAT (useless) and "check-state" (useless too)?


-- 
// Black Lion AKA Lev Serebryakov <lev@FreeBSD.org>