macfw -- layer2 firewall
Gleb Kurtsou
k-gleb at yandex.ru
Mon Nov 13 11:49:10 UTC 2006
On (11/11/2006 12:21), Andrew Thompson wrote:
> On Fri, Nov 10, 2006 at 10:03:28PM +0200, Gleb Kurtsou wrote:
> > On (10/11/2006 09:38), Andrew Thompson wrote:
> > > On Thu, Nov 09, 2006 at 10:00:37PM +0200, Gleb Kurtsou wrote:
> > > > On (09/11/2006 06:32), Andrew Thompson wrote:
> > > > > thompsa 2006-11-09 06:32:39 UTC
> > > > >
> > > > > FreeBSD src repository
> > > > >
> > > > > Modified files:
> > > > > sbin/ifconfig ifbridge.c ifconfig.8
> > > > > sys/net if_bridge.c if_bridgevar.h
> > > > > Log:
> > > > > Add a new address cache type called sticky. On an interface marked sticky any
> > > > > address learned by the bridge is made permanent, the address will not age out
> > > > > and most importantly will not migrate to another interface.
> > > > >
> > > > > This can be used to stop mac address poisoning or clients roaming in much the
> > > > > same way as static entries without the hassle of preloading the table.
> > > >
> > > > I have some sort of MAC firewall. It's tested and seems to work reliably
> > > > but it's mostly a hack. It adds mtag with source MAC to mbufs and filters
> > > > according to them. If you are interested in reviewing and possibly
> > > > committing it, I'll be glad to send you sources.
> > >
> > > Sure, send me the sources and I will have a look.
> >
> > Didn't test it on -CURRENT.
> >
>
> It looks like a good piece of work. You should post it to the net@
> mailing list for comments, there has been some discussion lately about
> layer2 firewalls. I will try it out as time permits.
>
>
> cheers,
> Andrew
>
In case somebody is interested..