IPFW and if_bridge - The FreeBSD Forums

#1
June 12th, 2011, 06:43
jrt03
IPFW and if_bridge

Hey guys,

I've currently got an inline bridge setup where traffic flows like so:

Code:
 em0 --> bridge0 --> em1
I'm using ipfw to only allow certain traffic through, but tcpdump shows incoming traffic that I explicitly deny in ipfw making it to the bridge0 interface and then being blocked. I was under the impression that the traffic would be blocked at em0.

I've got a custom program that uses libpcap listening on the bridge0 interface and I would rather not have to deal with the blocked traffic. Are there any sysctl knobs I can tweak such that traffic doesn't hit bridge0 before being evaluated against the firewall ruleset?

Here are my relevant sysctl settings:

Code:
net.link.bridge.ipfw: 1 (I'm using Dummynet as well)
net.link.bridge.inherit_mac: 0
net.link.bridge.log_stp: 0
net.link.bridge.pfil_local_phys: 0
net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 0
net.link.bridge.ipfw_arp: 0
net.link.bridge.pfil_onlyip: 0

Thanks in advance!

#2
June 14th, 2011, 16:23
jrt03

Can I provide any more information regarding my issue? Please let me know if there's something that is unclear.
#3
August 16th, 2011, 21:03
jrt03

After taking some time to focus on some different areas, I'm running up against this problem again with no solution. Does anyone have any input on the issue described in my original post?