IPFW, DIVERT, and if_bridge
Chris
eagletree at hughes.net
Thu Mar 13 07:54:33 PDT 2008
Hello,

I posted a similar message to Questions but received no
answer so I'm reposting a paraphrase here to see if anyone
knows.

I built FreeBSD 7.0 with options DIVERT and if_bridge to
see if I could make snort_inline work with the bridging
firewall I'm building. I found that the divert would not
direct packets to snort_inline which sounded a little like
the experiences people had when they tried to do this
with the pre-6.x bridge.

Is it still not possible to use divert with if_bridge? Here
is what I'm seeing in ipfw.

    65000 48 7382 count ip from any to any
    65001 0 0 divert 8300 ip from any to any
    65010 48 7382 allow ip from any to any

Thank you,
Chris Pratt