macfw -- layer2 firewall

Chris Dionissopoulos dionch at freemail.gr
Mon Nov 13 17:20:44 UTC 2006


Hello Gleb,

Monday, November 13, 2006, 1:47:31 PM, you wrote:

> On (11/11/2006 12:21), Andrew Thompson wrote:
>> On Fri, Nov 10, 2006 at 10:03:28PM +0200, Gleb Kurtsou wrote:
>> > On (10/11/2006 09:38), Andrew Thompson wrote:
>> > > On Thu, Nov 09, 2006 at 10:00:37PM +0200, Gleb Kurtsou wrote:
>> > > > On (09/11/2006 06:32), Andrew Thompson wrote:
>> > > > > thompsa     2006-11-09 06:32:39 UTC
>> > > > > 
>> > > > >   FreeBSD src repository
>> > > > > 
>> > > > >   Modified files:
>> > > > >     sbin/ifconfig        ifbridge.c ifconfig.8 
>> > > > >     sys/net              if_bridge.c if_bridgevar.h 
>> > > > >   Log:
>> > > > >   Add a new address cache type called sticky. On an interface marked sticky any
>> > > > >   address learned by the bridge is made permanent, the address will not age out
>> > > > >   and most importantly will not migrate to another interface.
>> > > > >   
>> > > > >   This can be used to stop mac address poisoning or clients roaming in much the
>> > > > >   same way as static entries without the hassle of preloading the table.
>> > > > 
>> > > > I have some sort of MAC firewall. It's tested and seems to work reliably
>> > > > but it's mostly a hack. It adds mtag with source MAC to mbufs and filters
>> > > > according to them. If you are interested in reviewing and possibly
>> > > > committing it, I'll be glad to send you sources.
>> > > 
>> > > Sure, send me the sources and I will have a look.
>> > 
>> > Didn't test it on -CURRENT.
>> > 
>> 
>> It looks like a good piece of work. You should post it to the net@
>> mailing list for comments, there has been some discussion lately about
>> layer2 firewalls. I will try it out as time permits.
>> 
>> 
>> cheers,
>> Andrew
>> 

> In case somebody is interested..


I'm really interested in testing your patch.

-- 
Best regards,
 Chris                            mailto:dionch at freemail.gr
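
Added example, not part of the original thread and not FreeBSD's if_bridge code: a simplified C model of the sticky behaviour the quoted commit log describes (a learned address neither ages out nor migrates to another interface). The table layout, function names and age limit are assumptions made for the illustration.

```c
/* Simplified model of a bridge address cache with sticky ports.
 * Not FreeBSD's if_bridge code; all names and limits are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NENT 16
#define AGE_LIMIT 3             /* ticks before a dynamic entry expires */

struct entry { uint8_t mac[6]; int port, sticky, age, used; };
static struct entry table[NENT];

/* Port currently recorded for mac, or -1 if unknown. */
int lookup(const uint8_t mac[6]) {
    for (int i = 0; i < NENT; i++)
        if (table[i].used && memcmp(table[i].mac, mac, 6) == 0)
            return table[i].port;
    return -1;
}

/* Learn a source MAC seen on port; returns the port recorded afterwards
 * (-1 if the table is full). A result that differs from port means a
 * sticky entry refused to migrate. */
int learn(const uint8_t mac[6], int port, int port_is_sticky) {
    struct entry *slot = NULL;
    for (int i = 0; i < NENT; i++) {
        struct entry *e = &table[i];
        if (!e->used) { if (!slot) slot = e; continue; }
        if (memcmp(e->mac, mac, 6) != 0) continue;
        if (e->sticky) return e->port;      /* pinned: never migrates */
        e->port = port; e->sticky = port_is_sticky; e->age = 0;
        return port;                        /* dynamic: follows the frame */
    }
    if (!slot) return -1;
    memcpy(slot->mac, mac, 6);
    slot->port = port; slot->sticky = port_is_sticky; slot->age = 0; slot->used = 1;
    return port;
}

/* One aging pass: dynamic entries expire, sticky ones stay. */
void age_tick(void) {
    for (int i = 0; i < NENT; i++)
        if (table[i].used && !table[i].sticky && ++table[i].age >= AGE_LIMIT)
            table[i].used = 0;
}

int main(void) {
    const uint8_t host[6] = {0x02, 0, 0, 0, 0, 0x01};   /* constructed MAC */
    learn(host, 1, 1);                      /* first seen on sticky port 1 */
    printf("same MAC on port 3 -> table says port %d\n", learn(host, 3, 0));
    return 0;
}
```

A return value from learn() that differs from the arrival port is the point where a monitoring hook could log a suspected spoofed or roaming address.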


