Bridge
Eygene Ryabinkin
rea-fbsd at codelabs.ru
Wed Sep 13 21:38:14 PDT 2006
Andrew, good day!
> The check for ARP happens before the ipfw layer2 code so it isnt
> currently possible to filter them.
>
> switch (ether_type) {
> case ETHERTYPE_ARP:
> case ETHERTYPE_REVARP:
> return (0); /* Automatically pass */
I am a bit confused because in the another thread (also created by
Jon Otterholm) you've answered that
-----
The only way that you will be able to filter ARP packets is by setting
pfil_onlyip=0, ipfw=1 and use the IPFW layer2 filtering.
-----
citing the same code. Am I understand something incorrectly or these
two answers do contradict with each other?
--
Eygene
More information about the freebsd-net
mailing list