Date: Wed, 1 Aug 2007 00:33:52 +0000 (UTC) From: Andrew Thompson <thompsa@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sbin/ifconfig ifbridge.c ifconfig.8 src/sys/net if_bridge.c if_bridgevar.h Message-ID: <200708010033.l710XqSq020873@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
thompsa 2007-08-01 00:33:52 UTC
FreeBSD src repository
Modified files:
sbin/ifconfig ifbridge.c ifconfig.8
sys/net if_bridge.c if_bridgevar.h
Log:
Add a bridge interface flag called PRIVATE where any private port can not
communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the
same way as using firewall rules but scales better and is generally easier as
firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans
bridged with a server network. All the vlans are marked private, they can all
communicate with the server network unhindered, but can not exchange any
traffic whatsoever with each other.
Approved by: re (rwatson)
Revision Changes Path
1.11 +16 -0 src/sbin/ifconfig/ifbridge.c
1.142 +10 -0 src/sbin/ifconfig/ifconfig.8
1.102 +37 -33 src/sys/net/if_bridge.c
1.23 +3 -1 src/sys/net/if_bridgevar.h
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200708010033.l710XqSq020873>