Protecting bridge interface via external interface and IPFW

Chuck Swiger cswiger at mac.com
Tue Nov 8 19:02:29 UTC 2011


On Nov 8, 2011, at 7:54 AM, Korodev wrote:
[ ... ]
> Are there any modifications, whether it be patches, sysctl tunings, or
> virtual interface trickery to allow IPFW to act as a "shield" to my
> libpcap program?

It's intentional that libpcap/BPF sees traffic before firewall rules, routing, and so forth are done.  However, if the traffic is only coming from one side, you might get the desired effect by having your program listen to the other side of the bridge (i.e., the physical interface).

Failing that, you could change your monitoring tool to not pay attention to the traffic you want it to ignore.

Regards,
-- 
-Chuck
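An added illustration of the second suggestion, not code from the thread: because BPF hands frames to the program before IPFW evaluates them, the capture program has to discard unwanted frames itself. The helper below is hypothetical, assumes the program wants to ignore one IPv4 source network, and the two sample frames (one untagged, one 802.1Q tagged) are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper for a libpcap callback: returns 1 if the frame is
 * IPv4 (untagged or 802.1Q tagged) with a source address inside
 * ignore_net/ignore_mask (host byte order), else 0. BPF delivers frames
 * before IPFW evaluates them, so this test is the program's own shield. */
int should_ignore_frame(const uint8_t *frame, size_t len,
                        uint32_t ignore_net, uint32_t ignore_mask)
{
    size_t off = 12;                              /* past dst + src MAC */
    if (len < off + 2) return 0;
    uint16_t ethertype = (uint16_t)(frame[off] << 8 | frame[off + 1]);
    off += 2;
    if (ethertype == 0x8100) {                    /* 802.1Q: 4 more bytes */
        if (len < off + 4) return 0;
        ethertype = (uint16_t)(frame[off + 2] << 8 | frame[off + 3]);
        off += 4;
    }
    if (ethertype != 0x0800) return 0;            /* not IPv4: keep frame */
    if (len < off + 20 || (frame[off] >> 4) != 4) return 0;  /* truncated */
    uint32_t src = (uint32_t)frame[off + 12] << 24 | (uint32_t)frame[off + 13] << 16
                 | (uint32_t)frame[off + 14] << 8  | frame[off + 15];
    return (src & ignore_mask) == (ignore_net & ignore_mask);
}

uint32_t ipv4(uint8_t a, uint8_t b, uint8_t c, uint8_t d)
{
    return (uint32_t)a << 24 | (uint32_t)b << 16 | (uint32_t)c << 8 | d;
}

/* Constructed sample: untagged ICMP frame 10.1.2.3 -> 192.0.2.1 */
const uint8_t sample_untagged[34] = {
    0,0x11,0x22,0x33,0x44,0x55, 0,0x66,0x77,0x88,0x99,0xaa, 0x08,0x00,
    0x45,0,0,20, 0,0,0,0, 64,1,0,0, 10,1,2,3, 192,0,2,1 };
/* Constructed sample: same packet carrying an 802.1Q tag (VLAN 100) */
const uint8_t sample_tagged[38] = {
    0,0x11,0x22,0x33,0x44,0x55, 0,0x66,0x77,0x88,0x99,0xaa, 0x81,0x00, 0,100,
    0x08,0x00, 0x45,0,0,20, 0,0,0,0, 64,1,0,0, 10,1,2,3, 192,0,2,1 };

int main(void)
{
    uint32_t net = ipv4(10,1,0,0), mask = ipv4(255,255,0,0);
    printf("untagged ignored=%d tagged ignored=%d\n",
           should_ignore_frame(sample_untagged, sizeof sample_untagged, net, mask),
           should_ignore_frame(sample_tagged, sizeof sample_tagged, net, mask));
    return 0;
}
```

In a real program the check runs at the top of the pcap_loop callback and returns early for frames it reports as ignorable.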