Hello dear developers,

I have FreeBSD 5.2.1-RELEASE + bridge and ipfw. I filter on interfaces (rl0, our net: all allowed; rl1: filtered). If I enable net.link.ether.bridge.ipfw=1, the firewall works only locally. Do I need to filter the bridge if I filter the interfaces?

Sample (81.89.68.130 - freebsd; 81.89.68.200 - my computer):

work:       00100 allow ip from any to any via lo0
work:       00200 allow ip from any to any via rl0
work:       00300 allow tcp from any to 81.89.68.130 dst-port 21,22,25,53,80,465,995 in via rl1
don't work: 01000 allow tcp from 212.48.140.177 8000 to 81.89.68.143 dst-port 1024-65535 in via rl1
don't work: 01100 allow tcp from 81.89.68.143 1024-65535 to 212.48.140.177 dst-port 8000 out via rl1
don't work: 02900 allow ip from any to 81.89.68.200 in via rl1
don't work: 02910 allow ip from 81.89.68.200 to any out via rl1
don't work: 02920 allow ip from any to 81.89.68.200 in via rl0
don't work: 02940 allow ip from 81.89.68.200 to any out via rl0
work:       65535 deny ip from any to any

Where is the problem?

My settings:

mail# sysctl -a | grep fw
net.inet.ip.fw.enable: 1
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 0
net.inet.ip.fw.verbose_limit: 0
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.static_count: 34
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_keepalive: 1
net.link.ether.bridge.ipfw: 1
net.link.ether.bridge.ipfw_drop: 0
net.link.ether.bridge.ipfw_collisions: 0
net.link.ether.bridge_ipfw: 1
net.link.ether.ipfw: 0

I tried to set net.link.ether.ipfw=1 - nothing changed.

mail# sysctl -a | grep bridge
net.link.ether.bridge.version: $Revision$ $Date$
net.link.ether.bridge.debug: 0
net.link.ether.bridge.ipf: 0
net.link.ether.bridge.ipfw: 1
net.link.ether.bridge.copy: 0
net.link.ether.bridge.ipfw_drop: 0
net.link.ether.bridge.ipfw_collisions: 0
net.link.ether.bridge.packets: 423251
net.link.ether.bridge.dropped: 0
net.link.ether.bridge.predict: 222548
net.link.ether.bridge.enable: 1
net.link.ether.bridge.config: rl0,rl1
net.link.ether.bridge_ipf: 0
net.link.ether.bridge_ipfw: 1
net.link.ether.bridge_cfg: rl0,rl1

Thanks in advance.

P.S. These firewall settings and rules worked beautifully on FreeBSD 4.6-RELEASE.

--
Best regards,
Admin
mailto:[EMAIL PROTECTED]

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
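An added example, not part of the post above and not ipfw's own code: a small Python simulator for the subset of ipfw rule syntax the post uses. It parses the poster's ruleset, applies ipfw's first-match evaluation to a few constructed packets (the outside addresses and ports are invented for the example), and returns the rule each packet would hit. Comparing these expected hits with the per-rule counters from `ipfw -a list` on the box separates two failure modes: a "don't work" rule being shadowed by an earlier rule, versus bridged packets never being presented to ipfw on that interface and direction at all. The simulator deliberately does not model how bridge(4) chooses the interface and direction for a forwarded frame; that mapping is exactly what the hit counters reveal.

```python
"""Simulate ipfw first-match evaluation over the ruleset from the post."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The ruleset quoted in the post, one rule per line.
RULESET = """
00100 allow ip from any to any via lo0
00200 allow ip from any to any via rl0
00300 allow tcp from any to 81.89.68.130 dst-port 21,22,25,53,80,465,995 in via rl1
01000 allow tcp from 212.48.140.177 8000 to 81.89.68.143 dst-port 1024-65535 in via rl1
01100 allow tcp from 81.89.68.143 1024-65535 to 212.48.140.177 dst-port 8000 out via rl1
02900 allow ip from any to 81.89.68.200 in via rl1
02910 allow ip from 81.89.68.200 to any out via rl1
02920 allow ip from any to 81.89.68.200 in via rl0
02940 allow ip from 81.89.68.200 to any out via rl0
65535 deny ip from any to any
"""

PortRanges = List[Tuple[int, int]]


@dataclass
class Packet:
    proto: str                 # "tcp", "udp", "icmp"
    src: str
    dst: str
    direction: str             # "in" or "out", as ipfw sees it
    iface: str                 # interface ipfw sees the packet on
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass
class Rule:
    number: int
    action: str
    proto: str                 # "ip" matches every protocol
    src: str
    sports: PortRanges         # empty list means "any port"
    dst: str
    dports: PortRanges
    direction: Optional[str]
    iface: Optional[str]


def parse_ports(spec: str) -> PortRanges:
    """'21,22,25' or '1024-65535' -> list of inclusive (lo, hi) ranges."""
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ranges.append((int(lo), int(hi or lo)))
    return ranges


def parse_rule(line: str) -> Rule:
    """Parse 'NNNNN action proto from src [ports] to dst [dst-port P] [in|out] [via IF]'."""
    tok = line.split()
    number, action, proto = int(tok[0]), tok[1], tok[2]
    assert tok[3] == "from", line
    src, i, sports = tok[4], 5, []
    if tok[i] != "to":                      # optional source port list sits right after src
        sports, i = parse_ports(tok[i]), i + 1
    assert tok[i] == "to", line
    dst, i = tok[i + 1], i + 2
    dports, direction, iface = [], None, None
    while i < len(tok):
        if tok[i] == "dst-port":
            dports, i = parse_ports(tok[i + 1]), i + 2
        elif tok[i] in ("in", "out"):
            direction, i = tok[i], i + 1
        elif tok[i] == "via":
            iface, i = tok[i + 1], i + 2
        else:
            raise ValueError(f"unsupported token {tok[i]!r} in rule {number}")
    return Rule(number, action, proto, src, sports, dst, dports, direction, iface)


def parse_ruleset(text: str) -> List[Rule]:
    return [parse_rule(l) for l in text.strip().splitlines() if l.strip()]


def port_in(port: Optional[int], ranges: PortRanges) -> bool:
    return not ranges or (port is not None and any(lo <= port <= hi for lo, hi in ranges))


def matches(rule: Rule, pkt: Packet) -> bool:
    return (
        rule.proto in ("ip", pkt.proto)
        and rule.src in ("any", pkt.src)
        and rule.dst in ("any", pkt.dst)
        and port_in(pkt.sport, rule.sports)
        and port_in(pkt.dport, rule.dports)
        and (rule.direction is None or rule.direction == pkt.direction)
        and (rule.iface is None or rule.iface == pkt.iface)
    )


def first_match(rules: List[Rule], pkt: Packet) -> Tuple[int, str]:
    """ipfw semantics: the first rule that matches decides; 65535 is the catch-all."""
    for r in rules:
        if matches(r, pkt):
            return r.number, r.action
    raise AssertionError("ruleset has no catch-all rule")


RULES = parse_ruleset(RULESET)


def evaluate_samples() -> dict:
    """Return {label: (rule number, action)} for constructed sample packets."""
    samples = {
        "ssh to the bridge host":          Packet("tcp", "1.2.3.4", "81.89.68.130", "in", "rl1", 40000, 22),
        "telnet to the bridge host":       Packet("tcp", "1.2.3.4", "81.89.68.130", "in", "rl1", 40000, 23),
        "web to .200 arriving on rl1":     Packet("tcp", "1.2.3.4", "81.89.68.200", "in", "rl1", 40000, 80),
        "reply from .200 leaving on rl1":  Packet("tcp", "81.89.68.200", "1.2.3.4", "out", "rl1", 80, 40000),
        "stream from 212.48.140.177:8000": Packet("tcp", "212.48.140.177", "81.89.68.143", "in", "rl1", 8000, 50000),
    }
    return {label: first_match(RULES, p) for label, p in samples.items()}


if __name__ == "__main__":
    for label, (num, act) in evaluate_samples().items():
        print(f"{label:34s} -> rule {num:5d} {act}")
```

If a packet the simulator sends to rule 02900 shows no hit on 02900 and no hit on 65535 either, ipfw is not seeing that bridged packet on rl1 in the "in" direction; if the hit lands on 65535, the packet is reaching ipfw but with a different interface or direction than the rule expects, and `ipfw -a list` plus a temporary `count` rule narrows down which.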