OK, I am new to FreeBSD, but I'm not a firewall newb. The setup looks like this - 3 wireless cards (AP mode) bridged with an Ethernet, ipfw enabled. Kernel's compiled without the default_to_accept option.
Ethernet NIC is then wired to another Linux box that handles hotspot authentication, daily quotas and other user-related stuff.
Now, the problem pops up when I try to filter the traffic on FreeBSD. The general idea is to allow UDP traffic on ports 67 to 68 (DHCP traffic) from any to any as well as ICMP traffic (for testing network connectivity). ICMP ping doesn't get through with option "allow icmp from any to any", and sometimes the funniest thing happens - 10 packets go through and the rest of them get dropped!
Option "allow { not tcp or not udp } from any to any" passes all traffic through!
Anyone got an idea what I am doing wrong?
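For reference, here is an added example (not the poster's own ruleset) of an ipfw rule file that implements the stated intent: DHCP and ICMP allowed, everything else dropped by the default deny. It also shows why the quoted or-block matches every packet: no packet is both TCP and UDP, so `not tcp or not udp` is true for all of them. The rule numbers and the file path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: a minimal ipfw rule file for a kernel built without
# default_to_accept (so rule 65535 denies anything not matched below).
# Load it with: build_rules > /etc/ipfw.rules && ipfw -q /etc/ipfw.rules
# (path is an assumption; ipfw(8) reads one rule per line from a file).
build_rules() {
    cat <<'EOF'
# DHCP: client -> server and server -> client, both directions explicit
add 100 allow udp from any 68 to any 67
add 110 allow udp from any 67 to any 68
# ICMP for connectivity testing, placed before any deny rule
add 200 allow icmp from any to any
# The rule from the post, kept as a comment: a packet is never both tcp
# and udp, so "not tcp or not udp" is true for every packet and allows all.
# add 300 allow { not tcp or not udp } from any to any
# What was probably meant (everything that is neither tcp nor udp):
# add 300 allow { not tcp and not udp } from any to any
# Log what would otherwise hit the silent default deny, for debugging
add 900 deny log ip from any to any
EOF
}
# Bridged frames are handed to ipfw only when this sysctl is enabled
# (see if_bridge(4)); with it off, ipfw never sees the wireless traffic:
#   sysctl net.link.bridge.ipfw=1
```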