Firewall bridge mode with ipfw

[Renato Barreto]

Hi,

In a bridge mode firewall (4.10-RELEASE) with IPFW2, how to implement a more restrict rule to pass MAC packet.
If MAC is blocked, bridge don´t work.

/var/log/security:
Dec 10 08:21:47 FB06 /kernel: ipfw: 65000 Accept MAC in via xl0
Dec 10 08:26:14 FB06 /kernel: ipfw: 65000 Accept MAC in via vr0

The rule 65000 is completly open:

#ipfw show
65000  6298  309886 allow log ip from any to any layer2 keep-state 

#/etc/sysctl.conf
sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_ipfw=1
sysctl net.link.ether.bridge_cfg=xl0,vr0

TIA,

Renato