ipfw broken with bridge under 5.x (5.3 and 5.4)

Jose M Rodriguez josemi at freebsd.jazztel.es
Thu May 5 07:03:00 PDT 2005


On Wed, May 04, 2005 at 06:18:51PM +0100, Josef Karthauser wrote:
> On Wed, May 04, 2005 at 06:13:22PM +0100, Gavin Atkinson wrote:
> > 
> > I believe I am seeing similar problems to you, though uptime for me is
> > generally measurable in days rather than minutes.  I've found that
> > adding an explicit "allow all from any to any" and then removing it
> > again seems to get it working.  I will test your solution when mine
> > fails again.
> > <snip/>
> 
> It appears that the solution is obtained by adding the rule:
> 
>     allow ip from any to any layer2 mac-type arp
> 
> to the beginning of the firewall list.  IPFW2 drops non-IP traffic
> whereas IPFW1 passes it through.  This is the reason why my configuration
> stopped working after the upgrade.
> 

Which points out to me that we must solve the ip <-> all problem in ipfw2.

ip from any to any
matches all traffic, not only ip.  So this must be deprecated and all used
instead.

Also, this must be taken into account when pretty-printing is done.

Apart from this, I still have problems with ipfw and rules without a body:
- skipto 30000
+ skipto 30000 all from any to any

--
  josemi

