Hi: I am working on a network appliance based on FreeBSD, IPFW, and Suricata. In the scenario that I'm developing for, I need to divert packets sent over a layer 2 bridge for IPS processing. After reinjection, IPFW passes this traffic back to FreeBSD for layer 3 forwarding. I would like to get this working for layer 2 forwarding across the bridge interface(s) involved.
I saw http://freebsd.1045724.n5.nabble.com/patch-RFC-allow-divert-from-layer-2-ipfw-e-g-bridge-td4008335.html from quite some time ago (2006), and that one of the responders said that he didn't want to commit layer 2 diversion support before layer 2 packet filtering hooks were put in place. To my understanding (please correct me if I'm wrong), the pfil hooks he was referring to are in place now. Is there something I can do to help make this happen? I am very rusty with C and will probably not be much help coding, but anything else, I'd be glad to do. I suppose that I could give coding this support a shot, with (likely) a bit of hand-holding from you. The company that I work for has allocated budget for consulting, so I would be glad to help fund development if that's an issue. Thanks, Jake Guffey Network Security Engineer eProtex Network medical device security 5451 Lakeview Parkway S Drive Indianapolis, Indiana 46268, USA Mobile: 317-220-7100 [email protected] www.eprotex.com _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[email protected]"
