ipfw2 filtering on bridge

Alin-Adrian Anton aanton at spintech.ro
Wed Jun 22 22:28:52 GMT 2005

Hi there,

     I've been running into some problems with what is supposed to be a 
filtering bridge with IPFW, on FreeBSD 5.4-REL0.

     IPFW has been compiled into the kernel:

options         BRIDGE
options         IPFIREWALL
options         IPDIVERT

along with the bridging capability.

No other firewalling mechanisms are enabled.

The bridge is configured and working:


fxp0 is Internet
vr0 is a server with an external IP, called EXT_IP

I tried blocking with a trivial ruleset:

00100    0      0 deny icmp from any to any
65535 8518 584248 allow ip from any to any

However, pinging through the bridge, from the Internet, works without fear:
64 bytes from EXT_IP: icmp_seq=0 ttl=233 time=85.994 ms
64 bytes from EXT_IP: icmp_seq=1 ttl=233 time=96.220 ms

If anyone could help me a bit, I'd be really thankful.

Thanks for the time.

Yours Sincerely,
Alin-Adrian Anton
GPG keyID 0x183087BA (B129 E8F4 7B34 15A9 0785  2F7C 5823 ABA0 1830 87BA)
gpg --keyserver pgp.mit.edu --recv-keys 0x183087BA

"It is dangerous to be right when the government is wrong." - Voltaire

