sysctls and if_bridge

Michael Proto mike at
Wed Sep 24 14:34:06 UTC 2008

On Fri, Sep 5, 2008 at 10:00 PM, Michael Proto <mike at> wrote:

> Ran into a strange problem the other day, hoping someone can shed some
> light on this. Updated 8-CURRENT from 6/14 to 9/02 and noticed a strange
> thing with my if_bridge interface. It appears as though the sysctls for
> determining where to enable/disable filtering don't seem to be working.
> My router has an IP, on its vr2 interface, which is bridged
> to a second vr1 interface for my 3 other static IPs.
> /etc/rc.conf:
> ifconfig_vr2="inet netmask"
> ifconfig_vr1="up"
> cloned_interfaces="bridge0"
> ifconfig_bridge0="addm vr2 addm vr1 up"
> /etc/sysctl.conf:
> Based on what I've read from the man pages (and how it worked before),
> this should enable filtering on the vr2 and vr1 interfaces, and not the
> bridge0 interface. After updating to 8-CURRENT 9/02 it appears that
> these sysctl settings no longer matter, and filtering is enabled on both
> the bridge and member interfaces. I ultimately had to tweak my
> /etc/pf.conf and set all my inbound-from-the-Internet vr2 rules to
> reference bridge0 instead. Outbound rules still use vr2, and I've
> flipped both sysctl settings with no change in behavior. Traffic flows
> now, but it appears these sysctls are not working as they should, or I'm
> really missing something.
> Thanks,
> Michael Proto

Anyone else seen this? I haven't had much time to look at the code lately
but was hoping at least one other person saw similar behavior with if_bridge
and a recent CURRENT. Or maybe I really am going crazy... ;)

