PF rule on bridged interface won't match
Csaba Urban
ucsaba at freemail.hu
Fri Nov 18 14:50:48 GMT 2005
Hi,
I can't get packets to match PF rules on a member of if_bridge if they are
not bridged but come from another IP interface. Bridged packets
match correctly.
bridge0: flags=8041<UP,RUNNING,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask 0xffffffe0
        ether ac:de:48:af:bc:8f
        priority 32768 hellotime 2 fwddelay 15 maxage 20
        member: vlan3 flags=3<LEARNING,DISCOVER>
        member: vlan2 flags=3<LEARNING,DISCOVER>
        member: vlan1 flags=3<LEARNING,DISCOVER>
PF rule:
        pass in on vlan1 all
        pass out on vlan1 all
This rule matches only if traffic is bridged (goes directly layer2 from
vlan1 to vlan2 or vlan3). If it is delivered to the IP layer or it comes from
there then it won't match.
The appropriate sysctls (net.link.bridge.pfil_member and
net.link.bridge.pfil_bridge) are set.
Any ideas?
csaba
More information about the freebsd-net
mailing list