Bridging Broken in 1.2?

Christopher Weimann csw at
Mon Apr 18 13:21:08 PDT 2005

On 04/16/2005-03:18PM, Danial Thom wrote:
> Is there a chance that bridging is broken in 1.2?

Does DFly use ipfw1 or ipfw2?  If its ipfw2

  Handling of non-IPv4 packets
     ipfw1 will silently accept all non-IPv4 packets (which ipfw1 will
     only see when  ipfw2 will filter
     all packets (including non-IPv4 ones) according to the ruleset.
     To achieve the same behaviour as ipfw1 you can use the following
     as the very first rule in your ruleset:

         ipfw add 1 allow layer2 not mac-type ip

     The layer2 option might seem redundant, but it is necessary --
     packets passed to the firewall from layer3 will not have a MAC
     header, so the mac-type ip pattern will always fail on them, and
     the not operator will make this rule into a pass-all.

This is from man ipfw on a 5.3 box.

More information about the Users mailing list