5.4 -- bridging, ipfw, dot1q
Dan Mahoney, System Admin
danm at prime.gushi.org
Fri Aug 12 04:03:33 GMT 2005
Okay, here's the situation. PLEASE let me know if there's a better place
to ask. (isp@, kernel@, something)
I'm setting up a bridging firewall where the packets are passing through
on dot1q trunks.
The bridge works. Packet counts work (so I assume the bridge at least
sees the packets).
Problem is, any "reasonable" rules (such as those which actually say to
block traffic by ip or port or anything) aren't working at all. Not even
logging counts.
Setting the "bridged" flag doesn't seem to help.
My only guess is that ipfw doesn't have the brains to look beyond the VLAN
tags. Is this the case? Is this supported under 4.x, or is there any way
AT ALL that I can get this to work?
As a note, snort and trafshow and everything else work fine analyzing the
bridge traffic, it seems only the kernel has an issue.
--
"Of course she's gonna be upset! You're dealing with a woman here Dan,
what the hell's wrong with you?"
-S. Kennedy, 11/11/01
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
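To illustrate the failure mode described in the post (a filter that only reads the outer ethertype never reaches the IP header of an 802.1Q-tagged frame, so IP/port rules match nothing), here is an added Python example; it is not from the original post and is not ipfw code. It builds a constructed tagged TCP SYN, parses past the tag (stacked tags included), and compares a tag-unaware match against a tag-aware one; the MAC addresses, IPs and ports are constructed sample values.

```python
import socket
import struct

ETHERTYPE_VLAN = 0x8100   # 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

def parse_frame(frame: bytes) -> dict:
    """Walk past any 802.1Q tags (including stacked QinQ) and decode the inner
    IPv4 header plus TCP/UDP ports: the fields a tag-aware filter must match on."""
    outer = struct.unpack("!H", frame[12:14])[0]
    ethertype, off, vlans = outer, 14, []
    while ethertype == ETHERTYPE_VLAN:
        tci, ethertype = struct.unpack("!HH", frame[off:off + 4])
        vlans.append(tci & 0x0FFF)           # low 12 bits of the TCI are the VLAN id
        off += 4
    info = {"outer_ethertype": outer, "ethertype": ethertype, "vlans": vlans}
    if ethertype == ETHERTYPE_IPV4:
        ihl = (frame[off] & 0x0F) * 4        # IP header length in bytes
        info["proto"] = frame[off + 9]
        info["src"] = socket.inet_ntoa(frame[off + 12:off + 16])
        info["dst"] = socket.inet_ntoa(frame[off + 16:off + 20])
        if info["proto"] in (6, 17):         # TCP/UDP: ports are the first 4 bytes of L4
            info["sport"], info["dport"] = struct.unpack("!HH", frame[off + ihl:off + ihl + 4])
    return info

def naive_match(frame: bytes, dst: str, dport: int) -> bool:
    """Filter that assumes IP starts at byte 14: silently misses every tagged frame."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return False
    ihl = (frame[14] & 0x0F) * 4
    port = struct.unpack("!H", frame[14 + ihl + 2:14 + ihl + 4])[0]
    return socket.inet_ntoa(frame[30:34]) == dst and port == dport

def tag_aware_match(frame: bytes, dst: str, dport: int) -> bool:
    """Same policy, but evaluated on the decapsulated headers."""
    info = parse_frame(frame)
    return info.get("dst") == dst and info.get("dport") == dport

def build_syn(vid=None) -> bytes:
    """Constructed sample frame: TCP SYN 192.0.2.10:40000 -> 198.51.100.20:80,
    tagged with VLAN `vid` when given. Checksums are left at zero on purpose."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    tag = b"" if vid is None else struct.pack("!HH", ETHERTYPE_VLAN, vid & 0x0FFF)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x02, 65535, 0, 0)
    return eth + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip + tcp
```

Running `naive_match` and `tag_aware_match` on `build_syn(vid=100)` versus `build_syn()` shows the same rule matching the untagged frame but only the tag-aware version matching the trunked one.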