ipfw2 filtering on bridge
aanton at spintech.ro
Thu Jun 23 14:34:37 GMT 2005
> I'm sorry, I can't send this to the list because my messages to the list
> bounce because reverse DNS isn't set up.
No worries, thanks a lot for answering.
> This is funny, I just set this up for the first time yesterday except I
> set everything up to have no IP addresses so that the firewall would be
> invisible to anyone. I think I see what is wrong with your setup...
> You've got to change net.link.ether.bridge_ipfw=1 to
> net.link.ether.bridge.ipfw=1 in /etc/sysctl.conf. The handbook
> says that net.link.ether.bridge_ipfw=1 was updated in 5.2-RELEASE.
# sysctl net.link.ether.bridge.ipfw=1
net.link.ether.bridge.ipfw: 1 -> 1
# ipfw add deny icmp from any to any
00100 deny icmp from any to any
# ipfw show
00100 0 0 deny icmp from any to any
65535 931748 651891769 allow ip from any to any
PING EXT_IP_BEHIND_BRIDGE: 56 data bytes
64 bytes from EXT_IP_BEHIND_BRIDGE: icmp_seq=0 ttl=233 time=74.399 ms
64 bytes from EXT_IP_BEHIND_BRIDGE: icmp_seq=1 ttl=233 time=106.194 ms
Seems not to be working :(
GPG keyID 0x183087BA (B129 E8F4 7B34 15A9 0785 2F7C 5823 ABA0 1830 87BA)
gpg --keyserver pgp.mit.edu --recv-keys 0x183087BA
"It is dangerous to be right when the government is wrong." - Voltaire
More information about the freebsd-questions