ipfw tags & filtering incoming broadcasts
Eugene Grosbein
eugen at grosbein.pp.ru
Thu Apr 12 01:37:48 UTC 2007
On Wed, Apr 11, 2007 at 10:43:09PM +0800, Eugene Grosbein wrote:
> There is no problem filtering unicasts. But I also want to block all
> broadcasts except incoming RIPv2; some hardware
> routers send broadcasts instead of multicasts here.
>
> I've tried this way:
I've just added a copy of rule 50 with number 35:
> ipfw add 30 allow tag 1 ip from any to any MAC ff:ff:ff:ff:ff:ff any
ipfw add 35 count log ip from any to any tagged 1
> ipfw add 40 allow ip from any to any layer2
> ipfw add 50 count log ip from any to any tagged 1
And I see that the tag is kept during the layer2 filtering stage
but seems to be lost somewhere in space in the transition to the layer3 stage.
So that is the question: is it a bug or a feature?
Eugene