[sysadmin-discuss] Bridging firewall with snv_125 and ipfilter

Fri, 15 Jan 2010 14:10:36 -0800 

Has anyone gotten a transparent firewall working?  I'm using snv_125 on an IBM 
x346 (snv_130
goes into endless boot loops on this hardware).  I can create a working bridge 
with dladm, but
can't stop packets, even with "block in quick all".  That stops packets on my 
management
interface bge0, but not on the bridge. :(

t...@ghost:~# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 
index 1
        inet 127.0.0.1 netmask ff000000
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 10.1.1.16 netmask ffffff00 broadcast 10.1.1.255
        ether 0:14:5e:23:4f:fd
bge1: flags=1000943<UP,BROADCAST,RUNNING,PROMISC,MULTICAST,IPv4> mtu 1500 index 
3
        inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
        ether 0:14:5e:23:4f:fc
bge2: flags=1000943<UP,BROADCAST,RUNNING,PROMISC,MULTICAST,IPv4> mtu 1500 index 
4
        inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
        ether 0:10:18:19:27:ea
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 
index 1
        inet6 ::1/128

t...@ghost:~# dladm show-bridge -l bridge
LINK        STATE       UPTIME  DESROOT
bge1        forwarding  80328   32768/0:14:5e:23:4f:fc
bge2        forwarding  78136   32768/0:14:5e:23:4f:fc

t...@ghost:~# routeadm
              Configuration   Current              Current
                     Option   Configuration        System State
---------------------------------------------------------------
               IPv4 routing   disabled             disabled
               IPv6 routing   disabled             disabled
            IPv4 forwarding   disabled             disabled
            IPv6 forwarding   disabled             disabled

           Routing services   "route:default ripng:default"

Routing daemons:

                      STATE   FMRI
                     online   svc:/network/routing/ndp:default
                   disabled   svc:/network/routing/ripng:default
                   disabled   svc:/network/routing/route:default
                   disabled   svc:/network/routing/rdisc:default
                   disabled   svc:/network/routing/legacy-routing:ipv6
                   disabled   svc:/network/routing/legacy-routing:ipv4


t...@ghost:~# svcs ipfilter bridge route
STATE          STIME    FMRI
disabled       18:43:07 svc:/network/routing/route:default
online         18:43:36 svc:/network/bridge:bridge
online         19:19:31 svc:/network/ipfilter:default

   Am I missing something here?
-- 
This message posted from opensolaris.org
_______________________________________________
sysadmin-discuss mailing list
sysadmin-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss

Reply via email to