ipfw with bridging
Jon Simola
jon at abccom.bc.ca
Fri Oct 15 13:53:46 PDT 2004
On Fri, 15 Oct 2004, Andrew Friedley wrote:
> What I need to do is to be able to drop or accept packets based on the
> interface they came in on, the interface they are going out on, and their
> source MAC address.
>
> Matching on source MAC addresses is no problem, nor is matching on the
> interface a packet comes in on. However, I am unable to write a rule that
> matches packets going out on a specific interface. Is this possible?
Not on a bridge, as packets take the bdg_forward path. "out via xl2 layer2"
can only match packets going through ether_output_frame.
Check the man page, there's a great ASCII drawing of how it works in the
PACKET FLOW section.
You may be able to get some similar functionality to what you desire using
bridge groups.
---
Jon Simola <jon at abccom.bc.ca> | "In the near future - corporate networks
Systems Administrator | reach out to the stars, electrons and light
ABC Communications | flow throughout the universe." -- GITS
More information about the freebsd-ipfw mailing list