Re: brconfig and ARP
On Thu, Mar 01, 2001 at 01:43:50PM -0600, Tillman wrote:
> With more reflection, I now think that this would properly belong in ipf.
> While ARP is specific to certain mediums (and thus doesn't make sense in a
> higher level filter like ipf), bridge already knows how to pass things up to
> ipf for filtering so it would be cleaner to filter it there.
>
True, and I've been thinking about extending the 'rule' interface
for bridges, but several things have stopped me:

1. handling both SNAP encapsulation and DIX encapsulation (grr)
2. coming up with a syntax that applies to both
3. time to implement a rule parser and checker

I think if I extended the rule interface to allow blocking by protocol
number, you could accomplish your goal (block the ARPs on the external
interface and run choparp there, which will intercept and respond when
necessary because it uses bpf), and I don't think this would take
very long.

--Jason L. Wright
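
The message above names DIX versus SNAP encapsulation as an obstacle to blocking by protocol number. The following is an added example, not code from this thread or from the bridge implementation, showing how a filter can read the same protocol number from either framing. The names `frame_ethertype` and `block_by_proto` are hypothetical, the sample frames are constructed, and the SNAP case assumes the RFC 1042 form with OUI 00:00:00.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETHERTYPE_ARP 0x0806
#define ETH_HDR_LEN   14  /* dst(6) + src(6) + type/length(2) */
#define LLC_SNAP_LEN  8   /* DSAP, SSAP, control, OUI(3), type(2) */

/* Constructed sample frames (broadcast dst, made-up src, zeroed payload). */
static const uint8_t dix_arp[42] = { 0xff,0xff,0xff,0xff,0xff,0xff,
    0x00,0x11,0x22,0x33,0x44,0x55, 0x08,0x06 };
static const uint8_t snap_arp[50] = { 0xff,0xff,0xff,0xff,0xff,0xff,
    0x00,0x11,0x22,0x33,0x44,0x55, 0x00,0x24,   /* 802.3 length = 36 */
    0xaa,0xaa,0x03, 0x00,0x00,0x00, 0x08,0x06 };
static const uint8_t dix_ip[34] = { 0xff,0xff,0xff,0xff,0xff,0xff,
    0x00,0x11,0x22,0x33,0x44,0x55, 0x08,0x00 };

/* Return the protocol number (EtherType) of a frame, or -1 if unknown. */
static int frame_ethertype(const uint8_t *f, size_t len)
{
    unsigned tl;
    if (len < ETH_HDR_LEN)
        return -1;
    tl = (unsigned)f[12] << 8 | f[13];
    if (tl >= 0x0600)               /* DIX: the field is the type */
        return (int)tl;
    if (tl > 1500 || len < ETH_HDR_LEN + LLC_SNAP_LEN)
        return -1;                  /* invalid length or no room for SNAP */
    f += ETH_HDR_LEN;               /* 802.3: LLC header follows */
    if (f[0] != 0xaa || f[1] != 0xaa || f[2] != 0x03)
        return -1;                  /* LLC without SNAP */
    if (f[3] || f[4] || f[5])
        return -1;                  /* OUI is not 00:00:00 */
    return f[6] << 8 | f[7];        /* SNAP: type follows the OUI */
}

/* Hypothetical rule check: 1 = block, 0 = pass. */
static int block_by_proto(const uint8_t *f, size_t len, int proto)
{
    return frame_ethertype(f, len) == proto;
}

int main(void)
{
    printf("DIX ARP:  %d\n", block_by_proto(dix_arp, sizeof dix_arp, ETHERTYPE_ARP));
    printf("SNAP ARP: %d\n", block_by_proto(snap_arp, sizeof snap_arp, ETHERTYPE_ARP));
    printf("DIX IPv4: %d\n", block_by_proto(dix_ip, sizeof dix_ip, ETHERTYPE_ARP));
    return 0;
}
```

Frames whose type cannot be read return -1 and therefore never match a protocol rule, so a filter built this way needs a separate policy for them.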