Transparent firewall (pf vs ipfw)

Mircea Popescu popescu.mircea at gmail.com
Fri Sep 8 07:56:39 PDT 2006


Hi!

I have a FreeBSD 6.0 box with a functioning bridge (bridge0 = fxp0 + rl0)

My problem is that if I try to cut access to any port on bridge0
interface using PF, nothing happens.

For example I've tried to cut access to the ssh service from a certain ip
... putty still managed to get through.

The rule was:
block on bridge0 proto { tcp udp } from yy.yy.yy.yy to xx.xx.xx.xx port pppppp

BUT, with the following rule:
block on rl0 proto { tcp udp } from yy.yy.yy.yy to xx.xx.xx.xx port pppppp

Putty couldn't obtain a connection.

Considering the fact that in linux, which I gave up using, making a
bridge would disable the interfaces within, I WOULD LIKE TO HAVE SOME
QUESTIONS ANSWERED:

1. Once the bridge0 interface is created, can the fxp0 and rl0 interfaces
still get their own ip addresses? (in linux this would be
impossible)

2. Which firewall is it more desirable to use with a bridge? PF or IPFW?


Thx a lot
