Thanks for the response, Julian. Any thoughts, Doug?

Thanks,
Jake Guffey
Network Security Engineer

eProtex
Network medical device security

5451 Lakeview Parkway S Drive
Indianapolis, Indiana 46268, USA
Mobile: 317-220-7100
[email protected]
www.eprotex.com

On Jan 24, 2013, at 12:37 PM, Julian Elischer <[email protected]> wrote:

> On 1/24/13 10:16 AM, Jake Guffey wrote:
>> Hi:
>>
>> I am working on a network appliance based on FreeBSD, IPFW, and Suricata. In
>> the scenario that I'm developing for, I need to divert packets sent over a
>> layer 2 bridge for IPS processing. After reinjection, IPFW passes this
>> traffic back to FreeBSD for layer 3 forwarding. I would like to get this
>> working for layer 2 forwarding across the bridge interface(s) involved.
>>
>> I saw
>> http://freebsd.1045724.n5.nabble.com/patch-RFC-allow-divert-from-layer-2-ipfw-e-g-bridge-td4008335.html
>> from quite some time ago (2006), and that one of the responders said that
>> he didn't want to commit layer 2 diversion support before layer 2 packet
>> filtering hooks were put in place. To my understanding (please correct me if
>> I'm wrong), the pfil hooks he was referring to are in place now.
>
> hi there..
> The original code you refer to was written by Ironport (now cisco) after
> looking at similar code by imimic (then ironport, now cisco :-)) for use in
> their web filter appliance.
>
> It did work well, however I'm not in that field any more so I can't justify
> work time in getting it up to date..
> Nor do I have access any more to test machines that I can test the result with.
>
> It may be worth asking Doug Ambrisko what the current version of the code
> looks like.. We had permission to
> give it back (hence the email) but it never got put into the tree.
>
>> Is there something I can do to help make this happen? I am very rusty with C
>> and will probably not be much help coding, but anything else, I'd be glad to
>> do. I suppose that I could give coding this support a shot, with (likely) a
>> bit of hand-holding from you.
>>
>> The company that I work for has allocated budget for consulting, so I would
>> be glad to help fund development if that's an issue.
>>
>> Thanks,
>> Jake Guffey

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[email protected]"
