OpenBSD's PF with a bridge on FreeBSD 6.x

Michiel Kranenburg michiel at nl-hrln-ptgrf.net
Mon Nov 28 20:21:03 GMT 2005


Hi all,

I’m currently running FreeBSD 6.0-RELEASE. 

I have 2 Ethernet cards running in promisc mode that should bridge my ISP
modem with my switch.

xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=9<RXCSUM,VLAN_MTU>
        inet6 fe80::201:2ff:fe09:84f3%xl0 prefixlen 64 scopeid 0x1
        inet 145.99.138.82 netmask 0xfffffff0 broadcast 145.99.138.95
        inet 145.99.138.83 netmask 0xfffffff0 broadcast 145.99.138.95
        ether 00:01:02:09:84:f3
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
xl2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=9<RXCSUM,VLAN_MTU>
        inet6 fe80::250:4ff:fe55:2852%xl2 prefixlen 64 scopeid 0x3
        ether 00:50:04:55:28:52
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active


Currently this is my situation:

( Internet (/28) )  <->  ( xl0 ) <bridge> ( xl2 )  <->  ( switches )  <->  ( clients )

The problem is that I want PF (OpenBSD’s Packet Filter) to firewall my
server and the bridge (for the clients).
The packet filter works great for the server, it handles packets that are
defined in the ruleset perfectly.

The real problem lies in filtering the bridge: PF passes all traffic to
the bridge _even_ when some kind of traffic is blocked on xl0. (So it
shouldn’t be on the network anyway.)

Can someone help me to get filtering on the bridge to work?

Please CC me as I'm not subscribed to this list!


With kind regards,
Michiel Kranenburg
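For reference, below is an added example pf.conf for a filtering bridge, not part of the original post. It assumes FreeBSD's if_bridge(4) with a bridge0 interface whose members are xl0 and xl2, and the sysctls net.link.bridge.pfil_member=1 and net.link.bridge.pfil_bridge=0, so that each bridged frame is run through PF on the member interfaces only and not a second time on bridge0. The server addresses and the /28 come from the post's ifconfig output; the service ports are constructed example values.

```pf
# Added example pf.conf (not from the original post).
# Assumptions: if_bridge(4) with members xl0 and xl2,
# net.link.bridge.pfil_member=1, net.link.bridge.pfil_bridge=0.
ext_if = "xl0"                                    # member facing the ISP modem
int_if = "xl2"                                    # member facing the switch/clients
server_ips = "{ 145.99.138.82, 145.99.138.83 }"   # addresses from the post's ifconfig
client_net = "145.99.138.80/28"                   # the /28 mentioned in the post
client_tcp_services = "{ 22, 80, 443 }"           # constructed example values

set skip on lo0
scrub in all

# Filter only on the external member; pass everything on the internal member
# so a bridged frame is not evaluated twice (once per member it crosses).
pass quick on $int_if all

# Default deny on the external member, logged, for both directions.
block in log on $ext_if all
block out log on $ext_if all

# Host traffic: the server itself is reached via xl0's addresses.
pass in on $ext_if proto tcp from any to $server_ips port 22 flags S/SA keep state
pass out on $ext_if from $server_ips to any keep state

# Bridged traffic for the clients behind xl2: only the listed TCP services,
# stateful, so replies are matched by state rather than by a separate rule.
pass in on $ext_if proto tcp from any to $client_net port $client_tcp_services \
    flags S/SA keep state
pass out on $ext_if from $client_net to any keep state
```

Two practical points when testing this: rules must name the member interfaces (xl0/xl2), since with pfil_bridge=0 nothing is evaluated against bridge0; and with the default net.link.bridge.pfil_onlyip=1, non-IP frames such as ARP bypass PF entirely, so the clients' address resolution keeps working even under the default-deny rules. Check the ruleset with pfctl -nf before loading it, and watch pflog for the logged blocks to confirm that traffic destined for the bridge is actually being evaluated.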