On Thu, Sep 28, 2000 at 12:38:40AM -0700, Julian Elischer wrote:
> I am not sure about Luigi's bridging code. I know the dummynet stuff
> seems to connect with the ipfw code but I don't think that the
> bridge code does... (I may be wrong) So I don't know how you plan on
> filtering the bridged segments..
You are wrong, but we'll forgive you. :->

Set to 1 to enable ipfw filtering on bridged packets. Note that ipfw
rules only apply to IP packets.

Each incoming or outgoing packet is passed through the ipfw rules. If
host is acting as a gateway, packets forwarded by the gateway are
processed by ipfw twice. In case a host is acting as a bridge, packets
forwarded by the bridge are processed by ipfw once.

The 'bridged' keyword can be used to match only bridged packets, so:

    ipfw add allow tcp from any to any 22 setup bridged
    ipfw add allow tcp from any 22 to any established bridged

would allow ssh over a bridge, but in the absence of other rules, wouldn't
allow it to the actual machine (or if the machine is also a router(?!) it
wouldn't route ssh sessions either.)

Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
[EMAIL PROTECTED] / [EMAIL PROTECTED]
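
An added example, not part of the original message and not ipfw's own code: a small Python model of first-match evaluation for the two rules above, showing which segments of an ssh session each rule matches on the bridged, routed and local paths. The deny-by-default fallback, the path names and the sample ports are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    sport: int
    dport: int
    flags: frozenset  # TCP flags set on the segment

@dataclass(frozen=True)
class Rule:
    sport: Optional[int] = None
    dport: Optional[int] = None
    setup: bool = False        # SYN set, ACK clear
    established: bool = False  # ACK or RST set
    bridged: bool = False      # match only on the bridge path

    def matches(self, p: Packet, on_bridge: bool) -> bool:
        if self.bridged and not on_bridge:
            return False
        if self.sport is not None and p.sport != self.sport:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.setup and not ("SYN" in p.flags and "ACK" not in p.flags):
            return False
        if self.established and not (p.flags & {"ACK", "RST"}):
            return False
        return True

# The two allow rules from the message above.
ALLOW_RULES = [
    Rule(dport=22, setup=True, bridged=True),
    Rule(sport=22, established=True, bridged=True),
]
# ipfw passes per path, as the quoted manual text describes.
PASSES = {"bridged": 1, "routed": 2, "local": 1}

def verdict(p: Packet, path: str) -> str:
    """First match wins; assumed default is deny when nothing matches."""
    on_bridge = path == "bridged"
    for _ in range(PASSES[path]):
        if not any(r.matches(p, on_bridge) for r in ALLOW_RULES):
            return "deny"
    return "allow"

# Constructed sample segments: client port 40000 talking to sshd on 22.
SYN = Packet(40000, 22, frozenset({"SYN"}))
SYN_ACK = Packet(22, 40000, frozenset({"SYN", "ACK"}))
CLIENT_ACK = Packet(40000, 22, frozenset({"ACK"}))
```

In this model verdict(CLIENT_ACK, "bridged") returns "deny": client-to-server segments after the SYN match neither rule, so a complete ruleset needs a rule that covers them.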