Date:      Wed, 23 Oct 2002 01:19:26 -0400 (EDT)
From:      Andriy Gapon <>
Subject:   ipfw: ether_output_frame -> bdg_forward
Message-ID:  <>

After using my firewall with layer2-specific rules and both and, and after looking
into the code in bridge.c /bdg_forward()/ and if_ethersubr.c
/ether_output_frame()/, I am under the impression that a packet passed to
ether_output_frame() on a bridged interface will not undergo firewall
checking in either ether_output_frame() (looks like a packet is handed off
to bdg_forward() before any ipfw-related code) or bdg_forward() (there is
a comment saying "Only if firewall is loaded, enabled, and the packet is
not from ether_output() (src==NULL, or we would filter it twice)", which
doesn't seem to be correct).

Have I missed something?

Andriy Gapon
"Never try to outstubborn a cat." Lazarus Long, "Time Enough for Love"
