FBSD6 if_bridge
David Pierron
david at wombatsweb.com
Tue Dec 6 17:54:39 GMT 2005
Bruce A. Mah on 12/03/2005 9:39 PM wrote:
>>I stuffed those CAT5 puppies into the NICs for about 5 minutes maybe ...
>>Got 4100 lines of blocks from the two interfaces ... (They were all
>>"block in" btw) ... Here I thought there wasn't that much traffic at
>>this time of the AM ... Now will compose a ruleset before I start using
>>it again ...
>>
>pflog(4) is quite useful. I used it a lot while trying to figure out my
>own firewall rules. I came from a m0n0wall setup where I didn't really
>write or understand the firewall rules, and before that I was doing
>ipfw. So this was helpful to figure out how PF rules worked (or
>sometimes didn't).
>
>
>>Thanks ever so much! I popped your name in the HOW-TO I am creating @
>>http://test.davidpierron.com/fbsd-pf.php
>>
>>
>Aw shucks.....I'm just glad to have been of some help to someone else.
>(Neat writeup BTW...I want to look into pftop in my Copious Spare Time
>(TM).)
>
Couple questions re: if_bridge ...
Regardless of the order:
block out log on $ext_if all
block in log on $ext_if all
I see blocks only coming "in" ...
042341 rule 4/0(match): block in on fxp0: xxx.xxx.xxx.xxx.32912 > my.c.class.xxx.53: 59540 A? www.foo.org. (37)
It seems to me that the only direction available on the interfaces of the bridge is "in" ... Is this true?
If this is the case, does this mean that ALTQ is unavailable using if_bridge since I've read that ALTQ can only be used on the "out" of an interface?
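As an added example (not from this thread), a small parser for pflog(4) lines in the tcpdump text form quoted above, which tallies action and direction per interface so the "only in" observation can be checked across a whole captured log rather than by eye; the sample lines other than the quoted one are constructed, using documentation address ranges.

```python
import re
from collections import Counter

# Text form of pflog(4) records as tcpdump prints them, e.g.
#   042341 rule 4/0(match): block in on fxp0: <packet summary>
PFLOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+rule\s+(?P<rule>\d+)/(?P<sub>\d+)\((?P<reason>[^)]*)\):\s+"
    r"(?P<action>pass|block)\s+(?P<dir>in|out)\s+on\s+(?P<ifname>[^\s:]+):\s+(?P<rest>.*)$"
)

# Constructed sample: the quoted fxp0 line plus made-up lines for a second
# bridge member (fxp1) and a non-bridge interface (em0) that does log "out".
SAMPLE_LINES = [
    "042341 rule 4/0(match): block in on fxp0: 192.0.2.10.32912 > 198.51.100.5.53: 59540 A? www.foo.org. (37)",
    "042342 rule 4/0(match): block in on fxp1: 198.51.100.5.53 > 192.0.2.10.32912: 59540 1/0/0 A 203.0.113.7 (53)",
    "042343 rule 4/0(match): block in on fxp0: 192.0.2.10.32913 > 198.51.100.5.53: 59541 A? www.foo.org. (37)",
    "042344 rule 3/0(match): block out on em0: 203.0.113.9.443 > 192.0.2.11.50000: tcp 0 (DF)",
]

def parse_pflog_line(line):
    """Return a dict of the fields, or None if the line is not a pflog record."""
    m = PFLOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    rec["sub"] = int(rec["sub"])
    return rec

def direction_summary(lines):
    """Count (interface, action, direction) triples over the log."""
    counts = Counter()
    for line in lines:
        rec = parse_pflog_line(line)
        if rec is not None:
            counts[(rec["ifname"], rec["action"], rec["dir"])] += 1
    return counts

def in_only_interfaces(lines):
    """Interfaces that logged 'in' but never 'out': the symptom seen on bridge members."""
    seen_in, seen_out = set(), set()
    for (ifname, _action, direction) in direction_summary(lines):
        (seen_in if direction == "in" else seen_out).add(ifname)
    return sorted(seen_in - seen_out)

if __name__ == "__main__":
    for key, n in sorted(direction_summary(SAMPLE_LINES).items()):
        print(key, n)
    print("in-only interfaces:", in_only_interfaces(SAMPLE_LINES))
```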