svn commit: r340110 - head/sbin/ipfw
Eugene Grosbein
eugen at FreeBSD.org
Sun Nov 4 06:35:49 UTC 2018
Author: eugen
Date: Sun Nov 4 06:35:48 2018
New Revision: 340110
URL: https://svnweb.freebsd.org/changeset/base/340110
Log:
ipfw(8): clarify layer2 processing abilities
Make it clear that ipfw action set for layer2 frames it a bit limited.
PR: 59835
Reviewed by: yuripv
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D17719
Modified:
head/sbin/ipfw/ipfw.8
Modified: head/sbin/ipfw/ipfw.8
==============================================================================
--- head/sbin/ipfw/ipfw.8 Sun Nov 4 06:25:07 2018 (r340109)
+++ head/sbin/ipfw/ipfw.8 Sun Nov 4 06:35:48 2018 (r340110)
@@ -511,6 +511,27 @@ ipfw add 10 skipto 4000 all from any to any layer2 out
.Pp
(yes, at the moment there is no way to differentiate between
ether_demux and bdg_forward).
+.Pp
+Also note that only actions
+.Cm allow,
+.Cm deny,
+.Cm netgraph,
+.Cm ngtee
+and related to
+.Cm dummynet
+are processed for
+.Cm layer2
+frames and all other actions act as if they were
+.Cm allow
+for such frames.
+Full set of actions is supported for IP packets without
+.Cm layer2
+headers only.
+For example,
+.Cm divert
+action does not divert
+.Cm layer2
+frames.
.Sh SYNTAX
In general, each keyword or argument must be provided as
a separate command line argument, with no leading or trailing
More information about the svn-src-all
mailing list