Tim Mullen wrote:
> Has anyone gotten a transparent firewall working? I'm using snv_125 on an
> IBM x346 (snv_130 goes into endless boot loops on this hardware). I can
> create a working bridge with dladm, but can't stop packets, even with
> "block in quick all". That stops packets on my management interface bge0,
> but not on the bridge. :(

Nit: there's no reason to plumb up bge1 or bge2 for IP. In this
configuration, you're not using them. Bridging occurs way below IP.

> tim at ghost:~# dladm show-bridge -l bridge
> LINK         STATE        UPTIME   DESROOT
> bge1         forwarding   80328    32768/0:14:5e:23:4f:fc
> bge2         forwarding   78136    32768/0:14:5e:23:4f:fc

That part looks fine.

> Am I missing something here? Has MAC-layer filtering been implemented yet?

Bridging occurs at the MAC layer, not IP. Setting up IP Filter to
forward between ports on a bridge would very likely have painful
results.

--
James Carlson         42.703N 71.076W         <carlsonj at workingcode.com>
