From toni@it-austria.net  Fri Apr 21 08:37:52 2006
Return-Path: <toni@it-austria.net>
Message-Id: <200604210837.k3L8bnXU042865@skunk.user.lan.at>
Date: Fri, 21 Apr 2006 10:37:49 +0200 (CEST)
From: Toni Schmidbauer <freebsd@stderror.at>
Reply-To: <freebsd@stderror.at>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: add hint to pass arp packets through filtering bridge to advanced-networking doc
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         96127
>Category:       docs
>Synopsis:       add hint to pass arp packets through filtering bridge to advanced-networking doc
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    trhodes
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 21 08:40:12 GMT 2006
>Closed-Date:    Fri Oct 13 10:55:49 GMT 2006
>Last-Modified:  Fri Oct 13 11:00:28 GMT 2006
>Originator:     Toni Schmidbauer
>Release:        FreeBSD 6.0-STABLE i386
>Organization:
stderror.at
>Environment:
System: FreeBSD skunk.user.lan.at 6.0-STABLE FreeBSD 6.0-STABLE #0: Thu Nov 10 20:29:49 CET 2005 root@skunk.user.lan.at:/usr/obj/usr/src/sys/alpha i386


>Description:
	Currently it is stated in the advanced networking section in
	the handbook to add IPFIREWALL_DEFAULT_TO_ACCEPT to allow ARP through a
	filtering bridge. This is not false, but there's a better way
	to do it.

>How-To-Repeat:
	
>Fix:

diff -u handbook/advanced-networking/chapter.sgml.orig handbook/advanced-networking/chapter.sgml
--- handbook/advanced-networking/chapter.sgml.orig      Fri Apr 21 09:31:35 2006
+++ handbook/advanced-networking/chapter.sgml   Fri Apr 21 09:41:11 2006
@@ -1919,6 +1919,14 @@
          changes the default rule for the firewall to accept any packet.
          Make sure you know how this changes the meaning of your ruleset
          before you set it.</para>
+
+       <para>One other way to allow only arp packets through a filtering bridge,
+         is to add the following firewall rule:
+
+         <programlisting>ipfw add allow mac-type arp layer2<programmlisting>
+
+         so you do not have to set <literal>IPFIREWALL_DEFAULT_TO_ACCEPT</literal>.
+       <para>
       </sect3>
 
       <sect3>
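
Review bot: the two closing tags in the added paragraph are malformed, so the chapter will not parse as written. The listing is closed with `<programmlisting>` (misspelled and missing the slash) where `</programlisting>` is needed, and the paragraph ends with a second opening `<para>` just before `</sect3>` where `</para>` is needed. The sentence also continues after the listing ("so you do not have to set ..."); finishing the sentence before the `<programlisting>` and writing "ARP" in capitals would match the surrounding text. Because this rule is offered as a replacement for `IPFIREWALL_DEFAULT_TO_ACCEPT`, the paragraph should say explicitly that the default rule then stays at deny, so readers understand that only ARP is being opened up.
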
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: trhodes 
State-Changed-When: Fri Oct 13 10:54:13 UTC 2006 
State-Changed-Why:  
Different version of your patch committed.  Because of the 
pre/post text, I chose to document all three plausible options 
for this scenario and discuss their differences.  Thanks for 
the submission! 


Responsible-Changed-From-To: freebsd-doc->trhodes 
Responsible-Changed-By: trhodes 
Responsible-Changed-When: Fri Oct 13 10:54:13 UTC 2006 
Responsible-Changed-Why:  
Over to me. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=96127 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/96127: commit references a PR
Date: Fri, 13 Oct 2006 10:54:08 +0000 (UTC)

 trhodes     2006-10-13 10:53:54 UTC
 
   FreeBSD doc repository
 
   Modified files:
     en_US.ISO8859-1/books/handbook/advanced-networking 
                                                        chapter.sgml 
   Log:
   In the "filtering bridge" section, add a note about how to pass arp packets
   through the firewall.  This is useful in cases where a user may not wish to
   set IPFIREWALL_DEFAULT_TO_ACCEPT.
   
   PR:             96127
   
   Revision  Changes    Path
   1.386     +23 -6     doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml
 
>Unformatted:
