Date:      Mon, 12 Feb 2001 04:43:19 +0100
From:      Bernd Luevelsmeyer <bdluevel@heitec.net>
To:        "Raymundo M. Vega" <RaymundoVega@home.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Bridging and routing problem...
Message-ID:  <3A875BD7.DD4C3EC9@heitec.net>
References:  <200102081626.LAA77762@gateway.vsl.cua.edu> <3A82FEA4.3666D366@home.com> <3A85DA55.10AF0B88@heitec.net> <3A863D8F.6F49A981@home.com>

Raymundo M. Vega wrote:
> 
> Bernd Luevelsmeyer wrote:
> >
> > Raymundo M. Vega wrote:
> > [...]
> > > Rather than answer if bridging is better for your
> > > network, I like to point out that you will have better
> > > control in the firewall if you use it as a gateway.
> >
> > The packets must go through the firewall whether they are bridged or
> > routed, so the firewall rules apply in both cases. IMHO there's no
> > difference in the amount of control.
> >
> 
> Just read man bridge

I did. I found "Non-IP packets are subject to the default ipfw rule
(number 65535) which must be an allow rule if we want ARP and other
non-IP packets to flow through the bridge.". But I also found "September
28, 1998". Since then, things have changed; please see
/usr/src/etc/rc.firewall for the ARP passing rule. The rule allows you
to have a default deny rule with a bridge.

Have fun,
	Bernd

