Packet filtering on tap interfaces
Robert Watson
rwatson at FreeBSD.org
Sun Aug 13 16:30:52 UTC 2006
On Sat, 12 Aug 2006, mal content wrote:
> Can tap interfaces reliably be filtered?
Max has provided a detailed answer, but I wanted to answer a more general
question here: a tap interface plugs into the normal kernel network interface
and ethernet layers, and as such, packets sent and received over tap
interfaces are processed entirely normally with respect to firewall services,
etc. In general, if a network service, such as IPSEC or a firewall, would
work for a physical interface, it will work for a tap interface.
Robert N M Watson
Computer Laboratory
University of Cambridge
More information about the freebsd-hackers
mailing list