Date: Tue, 8 Nov 2011 09:54:40 -0600
From: Korodev <korodev@gmail.com>
To: freebsd-ipfw@freebsd.org
Subject: Protecting bridge interface via external interface and IPFW
Message-ID: <CAKOsuLp4nfMk_ZQqpGTxLJkkoEzQBBVHDZnkTVznadzifPmHAQ@mail.gmail.com>

I'm currently running a typical bridge setup on 8.2 with if_bridge and ipfw (tunings below), and I've set up a libpcap tool to monitor packets traversing the bridge interface. I've got some traffic that I don't want the tool to see, so I've firewalled it off using ipfw.

However, it appears that no matter how I tune my sysctl knobs, the bridge interface will always see the packet, regardless of whether it's blocked by ipfw at the external physical interface. I have played with pfil_member and seen no changes in this activity.

Are there any modifications, whether patches, sysctl tunings, or virtual interface trickery, to allow IPFW to act as a "shield" to my libpcap program?

Here are my sysctl tunings:

net.link.bridge.ipfw: 1
net.link.bridge.pfil_local_phys: 0
net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 0

Edit: It looks like I have the exact same question as this individual, which was never answered on the forums: http://forums.freebsd.org/showthread.php?t=24372

\\korodev