IPF, IPv6 and a bridge
freebsd-question at premsoft.co.za
freebsd-questions at premsoft.co.za
Sat Jan 31 06:48:06 PST 2004
David Malone wrote:
>On Fri, Jan 30, 2004 at 09:38:08AM +0100, Jeroen Ubbink wrote:
>
>>ipfw doesn't seem to block router advertisements on a
>>bridge either. Is this just a problem with both those firewall tools or is
>>it a problem in FreeBSD?
>
>Bridged packets are special and are not usually firewalled. I could be
>mistaken, but I don't think you can get ipf to filter bridged packets
>in 4.9. You could use ipfw2 to do it though:
>
> sysctl net.link.ether.bridge_ipfw=1
> ipfw add deny layer2 mac-type ipv6 recv tun1
>
>(You'll need to turn on ipfw2 to do this - see the ipfw man page for
>details).
>
> David.
Actually, I think it is possible.
I have not tested this, but there is also a sysctl knob for ipf:
net.link.ether.bridge_ipf: 1
Regards
Jaco