cvs commit: src/sbin/ifconfig ifbridge.c ifconfig.8 src/sys/net
if_bridge.c if_bridgevar.h
Andrew Thompson
thompsa at FreeBSD.org
Wed Aug 1 00:33:53 UTC 2007
thompsa 2007-08-01 00:33:52 UTC
FreeBSD src repository
Modified files:
sbin/ifconfig ifbridge.c ifconfig.8
sys/net if_bridge.c if_bridgevar.h
Log:
Add a bridge interface flag called PRIVATE where any private port can not
communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the
same way as using firewall rules but scales better and is generally easier as
firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans
bridged with a server network. All the vlans are marked private, they can all
communicate with the server network unhindered, but can not exchange any
traffic whatsoever with each other.
Approved by: re (rwatson)
Revision Changes Path
1.11 +16 -0 src/sbin/ifconfig/ifbridge.c
1.142 +10 -0 src/sbin/ifconfig/ifconfig.8
1.102 +37 -33 src/sys/net/if_bridge.c
1.23 +3 -1 src/sys/net/if_bridgevar.h
More information about the cvs-all
mailing list