Re: Help with bridge and new IP requirements

From: Andrea Venturoli <ml_at_netfence.it>
Date: Thu, 11 Sep 2025 14:58:57 UTC

On 9/11/25 10:47, Ronald Klop wrote:
> Hi,
> 
> I can do:
> 
> sysctl net.link.bridge.pfil_member=1
> ipfw add 150 deny ip from any to any via epair4a
> 
> And then my jail which uses epair4b does not get any traffic anymore.
> 
> I don't have any other bridge settings apart from:
> net.link.bridge.member_ifaddrs=0   (so no IP address on the bridge members)
> 
> This is running on 16-CURRENT which is of course still similar to 15 
> nowadays.
> 
> Does this help?

Thanks for your answer.
I'll have to check.

Currently I'm on 14.3, where everything still works with an IP on the 
member interface (vlan1).
I'm testing moving the IP on the bridge in preparation for 15.

On 14, I didn't try "deny" as you suggest, but "allow" (via with the 
member interface) does not work.
It's possible 15 is different.

I guess I'll need to put up a VM and make some tests.

  bye & Thanks
	av.