Bridge filter rule, strange…
-
Hi all,
I encountered a very strange problem :)
I have two interfaces, fxp0_vlan42 and fxp0_vlan22, which are bridged into BRIDGE0 and assigned to the LAN interface (fxp0_vlan42 is wired and fxp0_vlan22 is wifi).
The interface assignments are: LAN=BRIDGE0; WLAN=VLAN2 (fxp0_vlan22).
Everything is OK, I am able to connect over wifi and wired, get a DHCP address, etc. Now I want to apply different filter rules for wifi (the WLAN interface, fxp0_vlan22), and I have enabled net.link.bridge.pfil_bridge=1 (under System > Tunables) to be able to apply different filter rules to each (pseudo, because VLAN) physical interface.
But no way: all LAN (BRIDGE0) rules override the WLAN (fxp0_vlan22) rules... Even if I want to drop everything from WLAN, nothing applies and everything passes (because of the LAN rules)...
Any idea?
Thanks in advance.
-
Hmm...
OK, I'll answer myself: I needed to add net.link.bridge.pfil_local_phys=1 too... but to match the source in the rules I have to keep "any" for each of these interfaces; I can't use the WLAN subnet or the LAN subnet as the source...
Thanks.
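The two tunables named in this thread are FreeBSD if_bridge sysctls. As an added example (not from the thread or from pfSense), this script reads `sysctl net.link.bridge` output, reports which tunables still prevent pf rules on a bridge member such as fxp0_vlan22 from being evaluated, and prints the /etc/sysctl.conf lines that fix it. The sysctl output below is a constructed sample so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the thread: check FreeBSD bridge tunables for
# per-member filtering. Tunable names are the real net.link.bridge ones;
# the sample output is constructed.

SAMPLE_SYSCTL='net.link.bridge.pfil_bridge: 1
net.link.bridge.pfil_member: 1
net.link.bridge.pfil_onlyip: 0
net.link.bridge.pfil_local_phys: 0'

# Value of one "key: value" line of sysctl(8) output; empty if absent.
sysctl_value() {
    printf '%s\n' "$1" | sed -n "s/^$2: *//p"
}

# Prints "ready" when pf rules on member interfaces are evaluated for all
# traffic, otherwise "missing: <tunables>" naming what must be set to 1.
#   pfil_member     - filter on the member interface (fxp0_vlan22 here)
#   pfil_local_phys - also filter locally destined packets on the member
# pfil_bridge=1 additionally evaluates the rules on the bridge interface
# itself; it is not required for member filtering, so it is not checked.
member_filter_status() {
    missing=""
    for t in pfil_member pfil_local_phys; do
        v=$(sysctl_value "$1" "net.link.bridge.$t")
        [ "${v:-0}" = "1" ] || missing="$missing $t"
    done
    if [ -z "$missing" ]; then
        echo "ready"
    else
        echo "missing:$missing"
    fi
}

# /etc/sysctl.conf lines that turn on every missing tunable (nothing if ready).
sysctl_conf_fix() {
    member_filter_status "$1" | sed -n 's/^missing: *//p' | tr ' ' '\n' \
        | sed 's/^/net.link.bridge./; s/$/=1/'
}

member_filter_status "$SAMPLE_SYSCTL"
sysctl_conf_fix "$SAMPLE_SYSCTL"
```

On a live box, replace the sample with `$(sysctl net.link.bridge)` and append the printed lines to /etc/sysctl.conf (or set them under System > Tunables on pfSense).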
-
New problem: WLAN to LAN is impossible, no ping, nothing... But WLAN to WAN (internet) is no problem...
I tried to disable net.link.bridge.pfil_bridge (1->0) but no way...
-
"Now I want to apply different filter rules for wifi (the WLAN interface, fxp0_vlan22)"
Sounds like you no longer want to bridge WLAN and LAN.
-
Of course I would like LAN and WLAN bridged (over VLAN), but with different filter rules... for logging everything from wifi, for example (sorry, I'm paranoid)...
But no way, I didn't manage to configure it and get it working...
-
OK, since you haven't been able to get what you want with the LAN and WLAN interfaces bridged why don't you make them distinct interfaces (not bridged) and then apply appropriate firewall rules to each interface?
-
I need the bridge because of some F##### protocols like DLNA/UPnP between my WLAN and my LAN...
If I use different subnets, some hardware won't run properly... >:(