Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 4 Dec 2018 00:41:12 +0000 (UTC)
From:      Eugene Grosbein <eugen@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject:   svn commit: r341451 - stable/12/sbin/ipfw
Message-ID:  <201812040041.wB40fCm4027180@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: eugen
Date: Tue Dec  4 00:41:12 2018
New Revision: 341451
URL: https://svnweb.freebsd.org/changeset/base/341451

Log:
  MFC r340110: ipfw(8): clarify layer2 processing abilities
  
  Make it clear that ipfw action set for layer2 frames is a bit limited.
  
  PR:		59835
  Reviewed by:		yuripv
  Differential Revision:	https://reviews.freebsd.org/D17719

Modified:
  stable/12/sbin/ipfw/ipfw.8
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sbin/ipfw/ipfw.8
==============================================================================
--- stable/12/sbin/ipfw/ipfw.8	Tue Dec  4 00:22:08 2018	(r341450)
+++ stable/12/sbin/ipfw/ipfw.8	Tue Dec  4 00:41:12 2018	(r341451)
@@ -511,6 +511,27 @@ ipfw add 10 skipto 4000 all from any to any layer2 out
 .Pp
 (yes, at the moment there is no way to differentiate between
 ether_demux and bdg_forward).
+.Pp
+Also note that only actions
+.Cm allow,
+.Cm deny,
+.Cm netgraph,
+.Cm ngtee
+and related to
+.Cm dummynet
+are processed for
+.Cm layer2
+frames and all other actions act as if they were
+.Cm allow
+for such frames.
+Full set of actions is supported for IP packets without
+.Cm layer2
+headers only.
+For example,
+.Cm divert
+action does not divert
+.Cm layer2
+frames.
 .Sh SYNTAX
 In general, each keyword or argument must be provided as
 a separate command line argument, with no leading or trailing



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201812040041.wB40fCm4027180>