ipfw + bridge + pppoe

Hi guys!
Just wondering if any of you know how to filter traffic (PPPoE, TCP, IP) by means of ipfw, on a bridge with FreeBSD 7.x installed, in the case when all traffic passing through the bridge is encapsulated in PPPoE.
Thanks.
 
As far as I know, packet filters take packets 'as is'. If you want to act on the contents of packets, you'll need a packet-inspecting ('decapsulating') firewall.
 
I need to observe the content of the packet, i.e. TCP and IP. PPPoE is going through the bridge. I need to tune the kernel with sysctl and tell ipfw how to check packets based on my rules. So guys, I need your help with how to do this.
 
DutchDaemon, thank you. What did you mean by this packet-inspecting ('decapsulating') firewall?
Guys, please let me know if you've tried to solve a task like the one I asked about.
 
You can only inspect those packets if the encapsulation/decapsulation takes place on your bridge. It's a bit like local SSL termination to inspect traffic from https sites for virus scanning.
 
I think you'll need something like a Checkpoint/SonicWall firewall, and I'm not even sure about those (they can do application layer (L7) filtering, but PPPoE isn't exactly layer 7).
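What "decapsulating" involves for the PPPoE session frames discussed in this thread, as an added example that is not part of any post: a Python sketch that walks past the 6-byte PPPoE header and 2-byte PPP protocol field (RFC 2516) to reach the inner IPv4/TCP headers. The function names are hypothetical, and the sample frame (addresses, ports, session ID, zeroed checksums) is constructed.

```python
import socket
import struct

ETH_IPV4 = 0x0800
ETH_PPPOE_SESSION = 0x8864  # PPPoE session stage (RFC 2516)
PPP_IPV4 = 0x0021           # PPP protocol number for IPv4

def ethertype_of(frame: bytes) -> int:  # what a non-decapsulating filter sees
    return struct.unpack("!H", frame[12:14])[0]

def parse_ipv4(pkt: bytes):
    """Return (proto, src, sport, dst, dport); ports are None unless this is
    the first fragment of a TCP (6) or UDP (17) packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None
    proto = pkt[9]
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    sport = dport = None
    if proto in (6, 17) and frag_offset == 0 and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return (proto, socket.inet_ntoa(pkt[12:16]), sport,
            socket.inet_ntoa(pkt[16:20]), dport)

def inner_flow(frame: bytes):
    """Find the IPv4 packet in a plain or PPPoE-session Ethernet frame."""
    if len(frame) < 14:
        return None
    ethertype, payload = ethertype_of(frame), frame[14:]
    if ethertype == ETH_PPPOE_SESSION and len(payload) >= 8:
        ver_type, code, _sid, length, ppp = struct.unpack("!BBHHH", payload[:8])
        if ver_type != 0x11 or code != 0 or ppp != PPP_IPV4 or length < 2:
            return None  # discovery, LCP, IPv6, etc. are out of scope here
        payload = payload[8:6 + length]  # length counts the 2-byte PPP field
    elif ethertype != ETH_IPV4:
        return None
    return parse_ipv4(payload)

def sample_frame(pppoe: bool) -> bytes:
    """Constructed test frame: TCP SYN 192.0.2.10:40000 -> 198.51.100.5:80."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5")) + tcp
    macs = bytes.fromhex("020000000002020000000001")
    if not pppoe:
        return macs + struct.pack("!H", ETH_IPV4) + ip
    hdr = struct.pack("!BBHHH", 0x11, 0, 1, len(ip) + 2, PPP_IPV4)
    return macs + struct.pack("!H", ETH_PPPOE_SESSION) + hdr + ip
```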
 