Date: Fri, 18 Nov 2005 15:50:42 +0100 (CET)
From: Csaba Urban <ucsaba@freemail.hu>
To: freebsd-net@freebsd.org
Subject: PF rule on bridged interface won't match
Message-ID: <freemail.20051018155042.52205@fm12.freemail.hu>

Hi,
I can't have packets match on PF rules on a member of if_bridge if it is
not bridged but comes from another IP interface. Bridged packets
match correctly.
bridge0: flags=8041<UP,RUNNING,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask 0xffffffe0
        ether ac:de:48:af:bc:8f
        priority 32768 hellotime 2 fwddelay 15 maxage 20
        member: vlan3 flags=3<LEARNING,DISCOVER>
        member: vlan2 flags=3<LEARNING,DISCOVER>
        member: vlan1 flags=3<LEARNING,DISCOVER>
PF rule:
pass in on vlan1 all
pass out on vlan1 all
This rule matches only if traffic is bridged (goes directly layer2 from
vlan1 to vlan2 or vlan3). If it is delivered to the IP layer or it comes from
there then it won't match.
The appropriate sysctls (net.link.bridge.pfil_member and
net.link.bridge.pfil_bridge) are set.
Any ideas?
csaba
