Date: Tue, 27 Mar 2001 09:24:19 -0800 From: Julian Elischer <julian@elischer.org> To: Luigi Rizzo <luigi@info.iet.unipi.it> Cc: Archie Cobbs <archie@dellroad.org>, Peter.Blok@inter.NL.net, freebsd-net@FreeBSD.ORG Subject: Re: netgraph ng_bridge and ipfilter Message-ID: <3AC0CCC3.F7DD8133@elischer.org> References: <200103270656.IAA78972@info.iet.unipi.it>
next in thread | previous in thread | raw e-mail | index | archive | help
Luigi Rizzo wrote:
>
> > > > completely when a bridge is created with netgraph. I want to create a
> > > > transparent firewall without NAT. I know OpenBSD has a bridge that works,
> ...
> > Netgraph should be completely orthogonal to the firewall stuff,
> > i.e., they don't interact at all.
>
> in this case, this person seemed to _need_ the interaction in
> order to have a bridging firewall
that would be a brouter and not a bridge..Filering on IP at link layer..
yuck.
It's really a crime against humanity but then that's never stopped
such things before.. I have been considering what it would take to add
the ability to insert an arbitrary filter module into a bridge..
not much. But anyone who wants to do that really should be taken out and shot
I think.
>
> cheers
> luigi
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
--
__--_|\ Julian Elischer
/ \ julian@elischer.org
( OZ ) World tour 2000-2001
---> X_.---._/
v
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AC0CCC3.F7DD8133>