Date: Tue, 08 Nov 2011 10:01:58 -0800
From: Chuck Swiger <cswiger@mac.com>
To: Korodev <korodev@gmail.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Protecting bridge interface via external interface and IPFW
Message-ID: <16D97773-945E-480E-9645-0AC705766536@mac.com>
In-Reply-To: <CAKOsuLp4nfMk_ZQqpGTxLJkkoEzQBBVHDZnkTVznadzifPmHAQ@mail.gmail.com>
References: <CAKOsuLp4nfMk_ZQqpGTxLJkkoEzQBBVHDZnkTVznadzifPmHAQ@mail.gmail.com>

On Nov 8, 2011, at 7:54 AM, Korodev wrote:
[ ... ]
> Are there any modifications, whether it be patches, sysctl tunings, or
> virtual interface trickery to allow IPFW to act as a "shield" to my
> libpcap program?

It's intentional that libpcap/BPF sees traffic before firewall rules, routing, and so forth are done. However, if the traffic is only coming from one side, you might get the desired effect by having your program listen to the other side of the bridge (ie, physical interface). Failing that, you could change your monitoring tool to not pay attention to the traffic you want it to ignore.

Regards,
--
-Chuck
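
The reply's last suggestion, having the monitoring tool ignore the unwanted traffic, is normally done with a capture filter. The following is an added example, not part of the original message or of any program in the thread: it turns a small subset of ipfw-style deny rules into a pcap-filter expression. The sample rules, addresses and function names are constructed, and first-match rule ordering is not modelled.

```python
import ipaddress

# Constructed sample rules in a subset of ipfw syntax (not from the thread).
SAMPLE_RULES = [
    "deny tcp from 203.0.113.0/24 to any dst-port 22",
    "deny ip from 198.51.100.7 to any",
    "allow udp from any to any dst-port 53",   # not a deny rule: skipped
    "deny udp from any to 192.0.2.10 dst-port 161",
]

def _addr_term(direction, spec):
    """Return a pcap-filter primitive for one address, or None for 'any'."""
    if spec == "any":
        return None
    net = ipaddress.ip_network(spec, strict=True)  # raises on malformed input
    if net.prefixlen == net.max_prefixlen:
        return f"{direction} host {net.network_address}"
    return f"{direction} net {net.with_prefixlen}"

def rule_to_clause(rule):
    """Translate 'deny PROTO from SRC to DST [dst-port N]' into one clause."""
    tok = rule.split()
    if len(tok) < 6 or tok[0] != "deny" or tok[2] != "from" or tok[4] != "to":
        return None  # outside the supported subset, leave it to the firewall
    terms = [] if tok[1] in ("ip", "all") else [tok[1]]
    terms += [t for t in (_addr_term("src", tok[3]), _addr_term("dst", tok[5])) if t]
    if len(tok) == 8 and tok[6] == "dst-port":
        port = int(tok[7])
        if not 0 < port < 65536:
            raise ValueError(f"bad port in rule: {rule!r}")
        terms.append(f"dst port {port}")
    elif len(tok) != 6:
        raise ValueError(f"unsupported rule options: {rule!r}")
    if not terms:
        # 'deny ip from any to any' would make the capture see nothing at all.
        raise ValueError(f"rule would exclude all traffic: {rule!r}")
    return " and ".join(terms)

def build_capture_filter(rules):
    """Build a filter that keeps everything the deny rules do NOT match."""
    clauses = [c for c in map(rule_to_clause, rules) if c]
    return " and ".join(f"not ({c})" for c in clauses)

if __name__ == "__main__":
    print(build_capture_filter(SAMPLE_RULES))
```

The resulting string can be passed to `pcap_compile()` and `pcap_setfilter()` in the capture program, or given to `tcpdump` as its filter expression.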