ipfw2 filtering on bridge
aanton at spintech.ro
Wed Jun 22 22:28:52 GMT 2005
I've been running into some problems with what is supposed to be a
filtering bridge with IPFW, on FreeBSD 5.4-REL0.
IPFW has been compiled into the kernel:
along with the bridging capability.
No other firewalling mechanisms are enabled.
The bridge is configured and working:
fxp0 is Internet
vr0 is a server with an external IP, called EXT_IP
I tried blocking with a trivial ruleset:
00100 0 0 deny icmp from any to any
65535 8518 584248 allow ip from any to any
However, pinging through the bridge, from the Internet, works without fear:
64 bytes from EXT_IP: icmp_seq=0 ttl=233 time=85.994 ms
64 bytes from EXT_IP: icmp_seq=1 ttl=233 time=96.220 ms
If anyone could help me a bit, I'd be really thankful.
Thanks for the time.
GPG keyID 0x183087BA (B129 E8F4 7B34 15A9 0785 2F7C 5823 ABA0 1830 87BA)
gpg --keyserver pgp.mit.edu --recv-keys 0x183087BA
"It is dangerous to be right when the government is wrong." - Voltaire