Date:      Thu, 24 Jan 2013 12:16:54 -0500
From:      Jake Guffey <>
Subject:   IPFW divert with layer 2 interfaces
Message-ID:  <>

I am working on a network appliance based on FreeBSD, IPFW, and
Suricata. In the scenario that I'm developing for, I need to divert
packets sent over a layer 2 bridge for IPS processing. After
reinjection, IPFW passes this traffic back to FreeBSD for layer 3
forwarding. I would like to get this working for layer 2 forwarding
across the bridge interface(s) involved.

I saw pfw-e-g-bridge-td4008335.html from quite some time ago (2006), and that
one of the responders said that he didn't want to commit layer 2
diversion support before layer 2 packet filtering hooks were put in
place. To my understanding (please correct me if I'm wrong), the pfil
hooks he was referring to are in place now.

Is there something I can do to help make this happen? I am very rusty
with C and will probably not be much help coding, but anything else, I'd
be glad to do. I suppose that I could give coding this support a shot,
with (likely) a bit of hand-holding from you.

The company that I work for has allocated budget for consulting, so I
would be glad to help fund development if that's an issue.

Jake Guffey
Network Security Engineer

Network medical device security

5451 Lakeview Parkway S Drive
Indianapolis, Indiana 46268, USA
Mobile: 317-220-7100
