How to use if_bridge

Andrew Thompson thompsa at freebsd.org
Sat Apr 15 19:52:01 UTC 2006


On Sat, Apr 15, 2006 at 11:53:52AM +0200, Fabian Keil wrote:
> "Daniel O'Connor" <doconnor at gsoft.com.au> wrote:
> 
> > On Friday 14 April 2006 21:37, Fabian Keil wrote:
> 
> > > Depending on your firewall setup you might have to disable
> > > some of the net.link.bridge sysctls as well.
> > 
> > I don't have any firewalls in the kernel for simplicity at this stage.
> 
> If I'm not mistaken you have to disable net.link.bridge.pfil_onlyip
> then. From the if_bridge man page:
> 
> |net.link.bridge.pfil_onlyip  Set to 1 to only allow IP packets to
> |                             pass when packet filtering is enabled (subject to
> |                             firewall rules), set to 0 to unconditionally
> |                             pass all non-IP Ethernet frames.
> 
> It's enabled by default.

It may not be entirely clear from the description, but that sysctl only
has effect when packet filtering is enabled, both for the on and off
values.

At present there are only pfil(9) hooks for IP and IPv6 filters; the
knob controls what happens when filtering is enabled and the packet is
not IP, so won't be inspected: is it passed or dropped.

I'll try and clarify the man page.


cheers,
Andrew
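To make the rule above concrete, here is a small POSIX sh model of the decision if_bridge makes for a frame once the pfil sysctls are set. It is an added example written for this page, not code from the FreeBSD kernel or from the list posters: it encodes only the behaviour stated in the reply (filtering off means everything is bridged; with filtering on, IP and IPv6 go to the pfil hooks and net.link.bridge.pfil_onlyip decides whether any other Ethertype is passed or dropped) and omits whatever further special cases the kernel applies. The function names, the "filtering is enabled when net.link.bridge.pfil_bridge or net.link.bridge.pfil_member is non-zero" assumption, and the constructed sample frames are all mine.

```shell
#!/bin/sh
# Illustrative model of how the net.link.bridge.pfil_* sysctls decide the fate
# of a frame crossing an if_bridge(4).  Written for this page; not kernel code.
# It encodes only the rule stated in the mailing-list reply: with filtering
# enabled, IP/IPv6 frames are handed to pfil(9) and pfil_onlyip decides the
# fate of every other Ethertype.  Any other kernel special case is omitted.

# pfil_enabled PFIL_BRIDGE PFIL_MEMBER
#   Assumption: filtering is "enabled" when either net.link.bridge.pfil_bridge
#   or net.link.bridge.pfil_member is non-zero.  Prints 1 or 0.
pfil_enabled() {
    if [ "$1" -ne 0 ] || [ "$2" -ne 0 ]; then echo 1; else echo 0; fi
}

# bridge_verdict PFIL_ENABLED PFIL_ONLYIP ETHERTYPE
#   PFIL_ENABLED: result of pfil_enabled above (1 or 0)
#   PFIL_ONLYIP:  value of net.link.bridge.pfil_onlyip (1 or 0)
#   ETHERTYPE:    lower-case hex Ethertype of the frame, e.g. 0x0800
# Prints "filter" (sent to the IP/IPv6 pfil hooks), "pass" or "drop".
bridge_verdict() {
    pfil_on=$1 onlyip=$2 ethertype=$3
    # Filtering disabled: every frame is bridged and pfil_onlyip is irrelevant.
    if [ "$pfil_on" -eq 0 ]; then
        echo pass
        return 0
    fi
    case "$ethertype" in
        0x0800|0x86dd)      # IPv4 / IPv6: the only protocols with pfil hooks
            echo filter ;;
        *)                  # non-IP: the knob decides
            if [ "$onlyip" -eq 1 ]; then echo drop; else echo pass; fi ;;
    esac
}

# Walk a constructed set of frames through both settings of pfil_onlyip with
# filtering enabled.  The frame list is made up for this demonstration.
demo() {
    on=$(pfil_enabled 1 1)
    printf '%-8s %-6s %s\n' ethertype onlyip verdict
    for onlyip in 1 0; do
        for et in 0x0800 0x86dd 0x0806 0x8100 0x88cc; do
            printf '%-8s %-6s %s\n' "$et" "$onlyip" "$(bridge_verdict "$on" "$onlyip" "$et")"
        done
    done
}

demo

# On the box itself the corresponding settings would be applied with, e.g.
#   sysctl net.link.bridge.pfil_onlyip=0   # bridge non-IP frames even when filtering
#   sysctl net.link.bridge.pfil_onlyip=1   # default: drop non-IP frames when filtering
# (not executed here; sysctl(8) needs a FreeBSD host with if_bridge loaded).
```

The table the demo prints shows the point of the reply: with filtering enabled, ARP (0x0806), 802.1Q-tagged (0x8100) and LLDP (0x88cc) frames are dropped at pfil_onlyip=1 and bridged at pfil_onlyip=0, while IPv4 and IPv6 always go to the firewall hooks; with both pfil_bridge and pfil_member at 0 the knob changes nothing.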

