arp, skipto, deny rules

Oivind H. Danielsen oivind.danielsen at kopek.net
Sat Jun 21 06:53:38 PDT 2003


> I find in the below rules that when rule 25 is present,
> ARP packets are not passed through the bridge. When rule 25 is removed,
> ARP packets pass ok.
> 
> Once the ARP is known, packets pass just fine.

AFAIK, rule 25 will block <anything>, including layer2 packets.
You can explicitly allow arp packets using the following rule:

  ${fwcmd} add 24 allow mac any any mac-type arp

or better yet, use the layer2 keyword to define sections
in your rule set for the various traffic categories as
described in the man page. This way you don't have to
have an implicit "deny-all" policy for layer2 traffic
which you get with your current ruleset.



Best Regards,

Oivind H. Danielsen
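
The layer2 sectioning suggested in the message above, as an added example that is not part of the original post. It follows the skipto dispatch pattern from the ipfw(8) man page; the rule numbers, the per-section policies and the dry-run default for `fwcmd` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message). Rule numbers and the
# per-section policies are assumptions; adapt them to the real ruleset.
# fwcmd defaults to a dry run that prints each command instead of running it;
# set fwcmd="/sbin/ipfw -q" to apply the rules.
fwcmd="${fwcmd:-echo ipfw -q}"

build_rules() {
    # Dispatch on where the packet entered ipfw: layer2 frames jump to
    # section 1000, packets from the IP stack jump to section 2000.
    ${fwcmd} add 100 skipto 1000 all from any to any layer2
    ${fwcmd} add 110 skipto 2000 all from any to any not layer2

    # Section 1000, layer2 only. ARP is allowed by name (the rule form
    # given in the message), IPv4 frames are allowed, and every other
    # frame type is dropped by an explicit, visible layer2 deny.
    ${fwcmd} add 1000 allow mac any any mac-type arp
    ${fwcmd} add 1010 allow all from any to any layer2 mac-type ip
    ${fwcmd} add 1999 deny all from any to any layer2

    # Section 2000, layer3 only. The catch-all deny lives here, so it can
    # no longer match ARP: ARP frames never reach this section.
    ${fwcmd} add 2000 check-state
    ${fwcmd} add 2010 allow ip from me to any keep-state
    ${fwcmd} add 2999 deny all from any to any not layer2
}

build_rules
```

Run it once with the default `fwcmd` to review the generated commands before loading them on the bridge.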



