Packet filtering on tap interfaces
mal content
artifact.one at googlemail.com
Sat Aug 12 21:12:10 UTC 2006
On 12/08/06, Max Laier <max at love2party.net> wrote:
>
> This is because the packets never make it to the IP-Layer (where our
> packet filters normally hook into). You can try to use if_bridge(4) to
> bridge tap0 and fxp0. if_bridge(4) offers extensive means of packet
> filtering described in the man page in great detail.
>
Ah, thanks, I didn't know that existed (and I've even got the kernel
module loaded for some reason).
If I'm understanding that manual page correctly, I would put pf
rules on 'bridge0', yes?
MC
More information about the freebsd-hackers mailing list