Bridge
Jon Otterholm
jon.otterholm at ide.resurscentrum.se
Fri Sep 15 10:49:01 PDT 2006
Andrew Thompson wrote:
> On Thu, Sep 14, 2006 at 04:23:07PM +0200, Jon Otterholm wrote:
>
>> Andrew Thompson wrote:
>>
>>> On Thu, Sep 14, 2006 at 10:30:21AM +0200, Jon Otterholm wrote:
>>>
>>>
>>>> Andrew Thompson wrote:
>>>>
>>>>
>>>>> On Wed, Sep 13, 2006 at 08:19:41PM +0200, Jon Otterholm wrote:
>>>>> >From man if_bridge:
>>>>>
>>>>>
>>>>>> ARP and REVARP packets are forwarded without being filtered and
>>>>>> others
>>>>>> that are not IP nor IPv6 packets are not forwarded when pfil_onlyip
>>>>>> is
>>>>>> enabled. IPFW can filter Ethernet types using mac-type so all
>>>>>> packets
>>>>>> are passed to the filter for processing.
>>>>>>
>>>>>> ARP is still forwarded though I have the following config:
>>>>>>
>>>>>>
>>>>> The check for ARP happens before the ipfw layer2 code so it isnt
>>>>> currently possible to filter them.
>>>>>
>>>>>
>>>>>
>>>> What impact would it have to others using bridge? Could it be made in
>>>> combination with a sysctl that must be enabled? I can onley speak for me
>>>> an my needs - I would like this to be committed.
>>>>
>>>>
>>>>
>>> You can try the patch I sent in a later email, it should work fine.
>>>
>>>
>>> Andrew
>>>
>>>
>> Do I have to go to -current for version 1.79 of if_bridge.c?
>>
>
> No, the patch will apply fine to RELENG_6 too.
>
>
> Andrew
>
It works fine. Thanks for all the help (let me know if you are in town
(Ljungby-Sweden) and I will buy you lunch :-)).
I hope to put this in production soon - will this patch work on future
releases? How about committing this?
/Jon
More information about the freebsd-net
mailing list