[pf4freebsd] Re: Bridging?

Max Laier max at love2party.net
Wed Sep 15 20:46:55 PDT 2004


bridge.c has PFIL_HOOKS implemented. All you should have to do is:

  # sysctl net.link.ether.bdg_ipf=1

More documentation can be found in the sources:
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/net/bridge.c#rev1.48
Note the part about "This will not work in (...) the bridge.ko module."; you
need a built-in bridge to make it work.

The best way to test is to load a ruleset containing only:

  block log

and then

  $ pftcpdump -n -e -ttt -i pflog0

while generating traffic from both sides. This will give you an idea of what
filter rules you'll need.

----- Original Message ----- 
From: "Alan Bryan" <alan at precisionautobody.com>
To: <pf4freebsd at freelists.org>
Sent: Wednesday, August 27, 2003 6:03 AM
Subject: [pf4freebsd] Bridging?


> I can't seem to find any information about pf and bridging on FreeBSD. I've
> got my bridge set up and working but seem to be unable to get pf to block any
> traffic through the bridge.
>
> Before I waste more time on this has anyone else successfully used pf on a
> FreeBSD bridge?
>
> Thanks,
> Alan
>
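
The reply's last step, turning the "block log" output into an idea of which rules are needed, as an added example that is not part of the original post: it groups blocked packets by direction, interface, addresses and destination port. It assumes numeric IPv4 output containing "block <dir> on <if>: <src> > <dst>:"; the sample lines, interface names and addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the original thread): summarise blocked flows seen
# on pflog0 so each distinct flow can be reviewed as a candidate pass rule.

# Constructed sample of "pftcpdump -n -e -ttt -i pflog0" style output.
sample_pflog() {
cat <<'EOF'
00:00:00.000000 rule 0/0(match): block in on fxp0: 192.0.2.10.51234 > 192.0.2.200.22: S 1:1(0) win 65535
00:00:01.000000 rule 0/0(match): block in on fxp0: 192.0.2.10.51240 > 192.0.2.200.22: S 1:1(0) win 65535
00:00:02.000000 rule 0/0(match): block in on fxp1: 192.0.2.200.123 > 192.0.2.10.123: udp 48
00:00:03.000000 rule 0/0(match): block in on fxp0: 192.0.2.10 > 192.0.2.200: icmp: echo request
EOF
}

# Reads log lines on stdin; prints "<count> <dir> <if> <src> <dst> <dport>",
# most frequent first. Source ports are dropped because they are ephemeral;
# "-" marks packets without a port (e.g. ICMP).
summarize_blocked() {
    awk '
    # a.b.c.d.port splits into 5 parts; a bare a.b.c.d splits into 4.
    function addr(ep,   n, p) {
        n = split(ep, p, "[.]")
        return (n == 5) ? (p[1] "." p[2] "." p[3] "." p[4]) : ep
    }
    function port(ep,   n, p) {
        n = split(ep, p, "[.]")
        return (n == 5) ? p[5] : "-"
    }
    {
        # Find "block <dir> on <if>: <src> > <dst>:" wherever it starts, so
        # the timestamp and "rule N/..." prefix may differ between versions.
        for (i = 1; i <= NF - 6; i++) {
            if ($i == "block" && $(i + 2) == "on" && $(i + 5) == ">") {
                ifn = $(i + 3); sub(/:$/, "", ifn)
                dst = $(i + 6); sub(/:$/, "", dst)
                key = $(i + 1) " " ifn " " addr($(i + 4)) " " addr(dst) " " port(dst)
                seen[key]++
                break
            }
        }
    }
    END { for (k in seen) print seen[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Stand-alone run on the constructed sample; for real data, save the
# pftcpdump output to a file and feed that file to summarize_blocked.
sample_pflog | summarize_blocked
```

Each output line is one flow that the "block log" ruleset stopped; decide per line whether it deserves a pass rule on that interface and direction.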




