DragonFly BSD
DragonFly users List (threaded) for 2005-04

Re: Bridging Broken in 1.2?


From: Christopher Weimann <csw@xxxxxxxxx>
Date: Mon, 18 Apr 2005 16:17:57 -0400

On 04/16/2005-03:18PM, Danial Thom wrote:
> 
> Is there a chance that bridging is broken in 1.2?

Does DFly use ipfw1 or ipfw2?  If it's ipfw2:

  Handling of non-IPv4 packets
     ipfw1 will silently accept all non-IPv4 packets (which ipfw1 will
     only see when net.link.ether.bridge_ipfw=1).  ipfw2 will filter
     all packets (including non-IPv4 ones) according to the ruleset.
     To achieve the same behaviour as ipfw1 you can use the following
     as the very first rule in your ruleset:

         ipfw add 1 allow layer2 not mac-type ip

     The layer2 option might seem redundant, but it is necessary --
     packets passed to the firewall from layer3 will not have a MAC
     header, so the mac-type ip pattern will always fail on them, and
     the not operator will make this rule into a pass-all.

This is from man ipfw on a 5.3 box.
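
The rule semantics quoted from the man page above, as a simplified Python model. This is an added example, not part of the original message and not ipfw's own code. It assumes first-match evaluation with a default deny rule 65535; rules 100 and 200, the packet names and all class and function names are constructed for illustration.

```python
# Simplified model of the quoted rule semantics; not ipfw's own code.
from dataclasses import dataclass
from typing import Optional

ETHERTYPE_IP, ETHERTYPE_ARP = 0x0800, 0x0806

@dataclass
class Packet:
    mac_type: Optional[int]          # None = handed over from layer3, no MAC header
    dst_port: Optional[int] = None   # None for non-TCP traffic such as ARP

@dataclass
class Rule:
    number: int
    action: str                          # "allow" or "deny"
    layer2: bool = False                 # the "layer2" option
    not_mac_type: Optional[int] = None   # "not mac-type <type>"
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.layer2 and pkt.mac_type is None:
            return False                 # layer2 only matches packets that carry a MAC header
        if self.not_mac_type is not None:
            # mac-type always fails without a MAC header; "not" inverts that failure.
            if pkt.mac_type is not None and pkt.mac_type == self.not_mac_type:
                return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        return True

def evaluate(rules, pkt, default="deny"):
    """First matching rule wins; the assumed default rule 65535 denies."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(pkt):
            return rule.action, rule.number
    return default, 65535

# Constructed ruleset: block telnet, allow HTTP.
BASE = [Rule(100, "deny", dst_port=23), Rule(200, "allow", dst_port=80)]
FIRST_RULE = Rule(1, "allow", layer2=True, not_mac_type=ETHERTYPE_IP)
NO_LAYER2 = Rule(1, "allow", not_mac_type=ETHERTYPE_IP)   # same rule, layer2 dropped

ARP_BRIDGED = Packet(mac_type=ETHERTYPE_ARP)
TELNET_BRIDGED = Packet(mac_type=ETHERTYPE_IP, dst_port=23)
TELNET_LAYER3 = Packet(mac_type=None, dst_port=23)

if __name__ == "__main__":
    for name, extra in [("base", []), ("rule 1", [FIRST_RULE]), ("no layer2", [NO_LAYER2])]:
        for pkt in (ARP_BRIDGED, TELNET_BRIDGED, TELNET_LAYER3):
            print(name, pkt, evaluate(BASE + extra, pkt))
```

In this model the bridged ARP frame only gets through once rule 1 is present, and the variant without layer2 lets the layer3 telnet packet through ahead of the deny in rule 100.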



