Subject: Re: bridged interfaces? (for ipfilter)
To: Andrew Brown <email@example.com>
From: Stefan Grefen <firstname.lastname@example.org>
Date: 09/09/1998 10:16:09
In message <19980908223335.A20791@noc.untraceable.net> Andrew Brown wrote:
> On Tue, Sep 08, 1998 at 01:33:22AM -0700, Michael Graff wrote:
> >Stefan Grefen <email@example.com> writes:
> >> Hmm man 5 ipf says there is the "to" keyword which allows you to switch
> >> packets directly to an interface bypassing the routing code.
> >> (this -current )
> >> This should do the trick for IP-based protocols.
> >Except that the NetBSD machine won't usually get the packets unless you
> >also fake ARP requests. And now you're not a bridge, or at least not
> >a transparent one.
> well...wouldn't bridging the non-ip protocols via the bpf include arp
> requests/replies? wouldn't that make you pretty transparent?
You can filter the stuff for IP-arps even in the bpf-rules (the IP packets
must be dropped anyway),
Is running trough a user process anyway, so if you're lazy you can put the
> |-----< "CODE WARRIOR" >-----|
> firstname.lastname@example.org * "ah! i see you have the internet
> email@example.com (Andrew Brown) that goes *ping*!"
> firstname.lastname@example.org * "information is power -- share the wealth."
Stefan Grefen Tandem Computers Europe Inc.
email@example.com High Performance Research Center
--- Hacking's just another word for nothing left to kludge. ---