Date: Tue, 06 Dec 2005 15:11:31 -0500
From: David Pierron <david@wombatsweb.com>
To: freebsd-pf@freebsd.org
Subject: Re: FBSD6 if_bridge
Message-ID: <4395F073.7080804@wombatsweb.com>
In-Reply-To: <4395D05B.2070709@wombatsweb.com>
References: <43904815.4070805@wombatsweb.com> <43908AB1.7030107@freebsd.org> <43909B86.4050308@wombatsweb.com> <43909F53.4010905@freebsd.org> <4390C868.5010705@wombatsweb.com> <4390EEBE.5090206@freebsd.org> <43918534.7070001@wombatsweb.com> <439256D9.9070201@freebsd.org> <4395D05B.2070709@wombatsweb.com>

David Pierron on 12/06/2005 12:54 PM wrote:
> Couple questions re: if_bridge ...
>
> Regardless of the order:
>
> block out log on $ext_if all
> block in log on $ext_if all
>
> I see blocks only coming "in" ...
>
> 042341 rule 4/0(match): block in on fxp0: xxx.xxx.xxx.xxx.32912 >
> my.c.class.xxx.53: 59540 A? www.foo.org. (37)
>
> It seems to me that the only direction available on the interfaces of
> the bridge is "in" ... Is this true?
>
> If this is the case, does this mean that ALTQ is unavailable using
> if_bridge since I've read that ALTQ can only be used on the "out" of
> an interface?

I answered my own question with a test as suggested by someone on IRC ...

I allowed all incoming traffic "in" on $ext_if and blocked all "out" traffic on $int_if ... This showed the "out" rule applied from the $int_if, so this answers my question, it does work as expected ...

It seems now that if I add a "pass in" rule for $ext_if that I will also need a "pass out" rule for $int_if ... I can't decide if this is a good or bad thing ...
