[Solved] FreeBSD10 ipfw abnormal rule

On FreeBSD10 amd64 (Release version):
The firewall rule below can be parsed by the ipfw command, but it will not match any packets.
Code:
ipfw add allow all from any to any MAC any any in via em0
But in the previous version, it is working properly.
 
Re: FreeBSD10 ipfw abnormal rule

Did you enable the Layer2 filtering for IPFW via the sysctl:
Code:
# sysctl net.link.ether.ipfw=1
Without that, layer2 packets are not sent through the IPFW code.
 
So frustrated.

More description can be found via this link:
http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/188543
Sure, I enabled the sysctl option, and I confirmed it is working on FreeBSD8.1. Does anyone have FreeBSD10? Could you please have a try?

And actually I found another problem: netstat -rn will show the error message "lvm_read: Bad Address" when the fib number is 65535. And it is working properly when the fib number is 16 on the system.
 
Re: FreeBSD10 ipfw abnormal rule

I have tested under 10.0 and the count is always 0.
Code:
#sysctl -a|grep ipfw
net.link.ether.ipfw:1

Under 8.4 and 9.2, the count is correct.
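
The two checks made in this thread (is net.link.ether.ipfw set, and does the MAC rule's counter ever move) can be combined into one triage helper. This is an added example, not code from any poster; the function name check_l2_rules and the sample counters are constructed, and the sample assumes the usual `ipfw -a list` column order of rule number, packets, bytes, rule body.

```shell
#!/bin/sh
# Constructed sample of `ipfw -a list` output: rule number, packets, bytes, rule body.
SAMPLE_RULES='00100 0 0 allow ip from any to any MAC any any in via em0
00200 1532 98412 allow ip from any to any via lo0
65535 48210 3920113 deny ip from any to any'

# check_l2_rules <value of net.link.ether.ipfw> <ipfw -a list output>
# Hypothetical helper: prints one finding per suspicious layer-2 rule and
# returns 1 if any rule was flagged, 0 otherwise.
check_l2_rules() {
    l2_sysctl=$1
    rules=$2
    printf '%s\n' "$rules" | awk -v l2="$l2_sysctl" '
        # Only rules carrying a layer-2 option (MAC, mac-type, layer2) matter here.
        / (MAC|mac-type|layer2)( |$)/ {
            if (l2 != 1) {
                # Sysctl off: Ethernet frames never reach ipfw, so the rule cannot match.
                printf "rule %s: layer-2 option but net.link.ether.ipfw=%s\n", $1, l2
                bad = 1
            } else if ($2 == 0) {
                # Sysctl on but no hits: the symptom reported for 10.0 in this thread.
                printf "rule %s: layer-2 filtering enabled but packet counter is 0\n", $1
                bad = 1
            }
        }
        END { exit bad }
    '
}

# On a live host the inputs would come from the system itself:
#   check_l2_rules "$(sysctl -n net.link.ether.ipfw)" "$(ipfw -a list)"
```

A zero counter only points at the problem when the interface is known to carry traffic, so compare the result against the catch-all rule's counter before drawing a conclusion.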
 