ipfw arp protocol filtering
Chuck Swiger
cswiger at mac.com
Fri Jun 13 19:39:04 UTC 2008
On Jun 13, 2008, at 10:50 AM, Alexey Beketov wrote:
> I have two networks, 10.10.0.0/16 both, and if_bridge between them.
> There are two different 10.10.0.1 machines, one in each network. I need to
> filter ARP on the bridge to avoid conflicts between the 10.10.0.1
> machines. How do I do that? I am using FreeBSD 7.0 and ipfw.
Seriously, dude-- don't even try to do this; you will be drawn into
networking hell.
If you still wish to risk it, consider:
sysctl -w net.link.ether.bridge_ipfw=1
sysctl -w net.link.ether.ipfw=1
ipfw add deny mac any 0:1:2:3:4:5
...add the deny rule twice & change the MAC to match those of your two
10.10.0.1 machines. This won't filter ARP traffic, but instead just
stops the ethernet addresses of these two machines from passing through the
bridge. If you really want to block ARP, you're better off switching
to using a router and NAT forwarding rather than a bridge, but I
understand there's a hack like the following:
ipfw add deny udp from 0.0.0.0 2054 to 0.0.0.0
--
-Chuck
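The MAC-based approach above, written out as a small ruleset generator. This is an added example, not code from the thread or from FreeBSD: it prints the sysctls and ipfw rules for review and only touches the kernel if you pipe its output into sh. The MAC addresses (from the documentation range 00:00:5E:00:53:xx) and rule numbers are constructed placeholders. It assumes the if_bridge(4) sysctl net.link.bridge.ipfw (the net.link.ether.bridge_ipfw knob belongs to the older bridge(4) driver) and that net.link.bridge.ipfw_arp, which lets ipfw also see ARP frames at layer 2, exists on the running release; check that with sysctl -d before relying on it.

```shell
#!/bin/sh
# Added example (not from the original thread). Builds the layer-2 ipfw rules
# that keep two stations sharing 10.10.0.1 from reaching each other across an
# if_bridge(4) bridge. Nothing here runs ipfw or sysctl; the output is a
# reviewable command list. MACs and rule numbers are constructed placeholders.

# ipfw accepts a MAC as six colon-separated hex octets, leading zeros optional.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2}$'
}

# Sysctls the bridge needs before ipfw sees bridged frames at layer 2.
# net.link.bridge.ipfw hands bridged frames to ipfw; ipfw_arp is assumed to
# exist on the running release and additionally passes ARP frames to ipfw.
prereq_sysctls() {
    echo "sysctl net.link.ether.ipfw=1"
    echo "sysctl net.link.bridge.ipfw=1"
    echo "sysctl net.link.bridge.ipfw_arp=1"
}

# build_rules BASE MAC... : one deny rule per station, numbered BASE, BASE+10, ...
# 'MAC any <src>' matches any destination and this source, so every frame
# *from* a duplicate-address station is dropped at the bridge; 'layer2'
# restricts the rule to the layer-2 pass so it cannot fire twice.
build_rules() {
    n=$1; shift
    for mac in "$@"; do
        if ! valid_mac "$mac"; then
            echo "build_rules: not a MAC address: $mac" >&2
            return 1
        fi
        echo "ipfw add $n deny all from any to any MAC any $mac layer2"
        n=$((n + 10))
    done
}

# Number of rules a station list produces; a quick sanity check before applying.
rule_count() {
    build_rules 1000 "$@" | wc -l | tr -d ' '
}

# Dry run: print the full command list for the constructed sample stations
# (the two 10.10.0.1 hosts, one on each side of the bridge).
main() {
    prereq_sysctls
    build_rules 1000 00:00:5e:00:53:01 00:00:5e:00:53:02
}

main
```

Run it once to read the output, then `sh gen.sh | sh -e` on the bridge host to apply it; the rule numbers leave room to insert rules between the two deny entries later. The generator validates each MAC first, because a mistyped octet silently produces a rule that matches nothing and the address conflict reappears.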