Filtering bridge with pf.
wishmaster
artemrts at ukr.net
Thu Apr 4 18:07:25 UTC 2013
--- Original message ---
From: "Carsten Sonne Larsen" <cs at innolan.dk>
Date: 4 April 2013, 17:49:07
> Hello guy,
>
> I am using pf to implement a filtering bridge but I'm experiencing some
> strange behaviour from pf. While using tcpdump I get entries like this:
>
> 16:25:45.998253 rule 2..16777216/0(match): block in on rl0:
> 192.168.0.1.32768 > 239.255.255.250.1900: UDP, length 339
>
> I am using the keyword *quick* and would expect a certain rule match
> instead of rule 2..16777216
>
Hi.
What are your sysctls?
Below is from my production server with 3 NICs in bridge. I use filtering only on the bridge0 interface.
net.link.bridge.pfil_local_phys: 0
net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 1
net.link.bridge.pfil_onlyip: 1
and set skip quick on [[members]] in pf.conf.
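As an added illustration of the setup this reply describes (not the poster's own configuration), here are matching /etc/sysctl.conf and /etc/pf.conf fragments; the member NIC names rl0, rl1 and rl2, the bridge name bridge0, the LAN subnet and the allowed services are assumptions:

```pf
# /etc/sysctl.conf (assumed fragment, added example): run pf on the bridge
# interface only, never on the member NICs, and only for IP traffic.
net.link.bridge.pfil_local_phys=0
net.link.bridge.pfil_member=0
net.link.bridge.pfil_bridge=1
net.link.bridge.pfil_onlyip=1

# /etc/pf.conf (assumed fragment, added example)
# rl0, rl1 and rl2 are assumed to be the members of bridge0.
bridge  = "bridge0"
lan_net = "192.168.0.0/24"     # constructed sample subnet

# No rules ever apply to the member interfaces; with pfil_member=0 pf does
# not see frames there anyway, and "set skip" makes that explicit.
set skip on { rl0 rl1 rl2 }

# Default deny on the bridge, logged, so every packet that reaches this rule
# appears in pflog with this rule's number.
block log on $bridge all

# Explicit, quick-terminated passes on the bridge interface. Bridged traffic
# is filtered "in" and "out" on bridge0, so the state created on the way in
# matches the same packet on the way out.
pass quick on $bridge proto tcp from $lan_net to any port { 22 80 443 } keep state
pass quick on $bridge proto udp from $lan_net to any port 53 keep state
pass quick on $bridge proto icmp from $lan_net to any keep state

# SSDP discovery (the traffic in the quoted tcpdump line) goes to multicast
# 239.255.255.250 port 1900; decide it explicitly so the rule number logged
# for it is unambiguous rather than falling through to the default block.
block quick on $bridge proto udp from $lan_net to 239.255.255.250 port 1900
```

Check the result with `pfctl -vsr` (rule numbers as pflog reports them) and `sysctl net.link.bridge` after loading.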