PF rule on bridged interface won't match

Andrew Thompson thompsa at freebsd.org
Sat Nov 19 20:33:43 GMT 2005


On Fri, Nov 18, 2005 at 03:50:42PM +0100, Csaba Urban wrote:
> Hi,
> 
> I can't have packets match on PF rules on a member of if_bridge if it is 
> not bridged but comes from another IP interface. Bridged packets 
> match correctly.
> 
> bridge0: flags=8041<UP,RUNNING,MULTICAST> mtu 1500
>         inet 192.168.1.1 netmask 0xffffffe0
>         ether ac:de:48:af:bc:8f
>         priority 32768 hellotime 2 fwddelay 15 maxage 20
>         member: vlan3 flags=3<LEARNING,DISCOVER>
>         member: vlan2 flags=3<LEARNING,DISCOVER>
>         member: vlan1 flags=3<LEARNING,DISCOVER>
> 
> PF rule:
> pass in on vlan1 all
> pass out on vlan1 all
> 
> This rule matches only if traffic is bridged (goes directly layer2 from 
> vlan1 to vlan2 or vlan3). If it is delivered to the IP layer or it comes from 
> there then it won't match.

This is how it's currently implemented. You can match locally generated
packets on the bridge0 interface, is that sufficient for your setup?


Andrew
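As an added illustration that is not part of the thread, a pf.conf sketch of the split the reply describes: member-interface rules only ever see frames that if_bridge switches at layer 2, so anything the host itself sends is filtered on bridge0 instead. Interface names and the 192.168.1.1/27 address are taken from the ifconfig output above; the policy itself (a default block, ssh to the host) is assumed for the example, and the rule for traffic delivered to the host's IP layer is an assumption by analogy with the locally generated case, not something the reply states.

```conf
# Added example, not from the original thread.
# Interface names and address from the ifconfig output in the report;
# the policy is assumed.

set skip on lo0

# Last matching rule wins; everything not explicitly passed is dropped.
block log all

# Frames switched at layer 2 between the bridge members are the only
# packets the member-interface rules see, so these rules cover transit
# traffic only (e.g. vlan1 -> vlan2), never the host's own IP traffic.
pass in  on { vlan1 vlan2 vlan3 } all
pass out on { vlan1 vlan2 vlan3 } all

# Locally generated traffic is matched on bridge0, as stated in the reply.
pass out on bridge0 from 192.168.1.1 keep state

# Assumption: traffic delivered to the host's own IP layer is likewise
# filtered on bridge0 rather than on the member it arrived through.
pass in on bridge0 proto tcp from 192.168.1.0/27 to 192.168.1.1 \
    port ssh keep state
```

Two things worth checking with such a ruleset: `pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -vvs rules` prints per-rule evaluation and packet counters, which is the quickest way to confirm on which interface a given flow is actually being matched. The caveat that follows from the thread is that with a default `block all`, a ruleset that only passes traffic on the member interfaces will drop the host's own traffic, because those packets never reach the member-interface rules and fall through to the block.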

