Site Navigation

Date:      Fri, 18 Nov 2005 15:50:42 +0100 (CET)
From:      Csaba Urban <ucsaba@freemail.hu>
To:        freebsd-net@freebsd.org
Subject:   PF rule on bridged interface won't match
Message-ID:  <freemail.20051018155042.52205@fm12.freemail.hu>

---

next in thread | raw e-mail | index | archive | help

---

Hi,

I can't have packets match on PF rules on a member of if_bridge if it is=20
not bridged but comes from an other IP interface. Bridged packets=20
match correctly.

bridge0: flags=3D8041<UP,RUNNING,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask 0xffffffe0
        ether ac:de:48:af:bc:8f
        priority 32768 hellotime 2 fwddelay 15 maxage 20
        member: vlan3 flags=3D3<LEARNING,DISCOVER>
        member: vlan2 flags=3D3<LEARNING,DISCOVER>
        member: vlan1 flags=3D3<LEARNING,DISCOVER>

PF rule:
pass in on vlan1 all
pass out on vlan1 all

This rule matches only if traffic is bridged (goes directly layer2 from=20
vlan1 to vlan2 or vlan3). If it is delivered to the IP layer or it comes fr=
om=20
there then it won't match.
The appropriate sysctls (net.link.bridge.pfil_member and=20
net.link.bridge.pfil_bridge) are set.

Any ideas?


csaba
=0A=0A_____________________________________________________________________=
__=0ARendelj k=E9pet =E9s nyerj=E9l g=E9pet a T-Online Fot=F3t=E1r=E1val de=
cember 15-ig.=0Ahttp://www.t-online.hu=0A=0A

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?freemail.20051018155042.52205>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact