Re: properly ipf config on dom0

To: Victor Gamov <vit%euro-comm.net@localhost>
Subject: Re: properly ipf config on dom0
From: Stephen Borrill <netbsd%precedence.co.uk@localhost>
Date: Sat, 19 Dec 2009 08:41:56 +0000 (GMT)

On Sat, 19 Dec 2009, Victor Gamov wrote:

May be wrong maillist but...

I have dom0 with NetBSD and some domU with other OSes.
external dom0 interface nfe0 bridged to one of domU. IPF configured to checkdomU IP-address at nfe0 but traffic for domU still not filtered and notlogged by IPF.
As I understand traffic comes to nfe0, then driver (?) discover packetaddressed to IP-address (or MAC?) owned by domU and send it to domU viabridge without putting it into IPF input queue.
Is it correct?

If so, then I need to recompile kernel with BRIDGE_IPF option?

Yes, you need to have BRIDGE_IPF in your kernel. You also need to have theipf option enabled on your bridge.


--
Stephen

Follow-Ups:
- Re: properly ipf config on dom0
  - From: Victor Gamov

References:
- properly ipf config on dom0
  - From: Victor Gamov

Prev by Date: properly ipf config on dom0
Next by Date: Re: properly ipf config on dom0
Previous by Thread: properly ipf config on dom0
Next by Thread: Re: properly ipf config on dom0
Indexes:

Home | Main Index | Thread Index | Old Index