Date:      Sat, 31 Jan 2004 16:48:23 +0200
From:      "freebsd-question@premsoft.co.za" <freebsd-questions@premsoft.co.za>
To:        David Malone <dwmalone@maths.tcd.ie>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: IPF, IPv6 and a bridge
Message-ID:  <401BC037.20009@premsoft.co.za>
In-Reply-To: <20040130134306.GA17621@walton.maths.tcd.ie>
References:  <20040130083808.GA60129@cartman.south-park> <20040130134306.GA17621@walton.maths.tcd.ie>

David Malone wrote:

>On Fri, Jan 30, 2004 at 09:38:08AM +0100, Jeroen Ubbink wrote:
>
>>ipfw doesn't seem to block router advertisements on a
>>bridge either. Is this just a problem with both those firewall tools or is
>>it a problem in FreeBSD?
>
>Bridged packets are special and are not usually firewalled. I could be
>mistaken, but I don't think you can get ipf to filter bridged packets
>in 4.9. You could use ipfw2 to do it though:
>
>	sysctl net.link.ether.bridge_ipfw=1
>	ipfw add deny layer2 mac-type ipv6 recv tun1
>
>(You'll need to turn on ipfw2 to do this - see the ipfw man page for
>details).
>
>	David.
>
Actually, I think it is possible.
I have not tested this, but there is also a sysctl knob for ipf:
net.link.ether.bridge_ipf: 0

Regards
Jaco


