Date: Thu, 11 Sep 2025 16:58:57 +0200
From: Andrea Venturoli <ml@netfence.it>
To: freebsd-net@freebsd.org
Cc: Ronald Klop <ronald-lists@klop.ws>
Subject: Re: Help with bridge and new IP requirements
Message-ID: <ebdbed16-044f-40a5-b111-a26245a0a04a@netfence.it>
In-Reply-To: <940777963.3060.1757580438384@localhost>
References: <24b8c39e-b1a3-4cd3-accc-c86a03e21689@netfence.it> <aMHJxF__hASEVQfe@amaryllis.le-fay.org> <a6cc314a-d742-4af4-9176-0ef1348fe0ad@netfence.it> <940777963.3060.1757580438384@localhost>

On 9/11/25 10:47, Ronald Klop wrote:

> Hi,
>
> I can do:
>
> sysctl net.link.bridge.pfil_member=1
> ipfw add 150 deny ip from any to any via epair4a
>
> And then my jail which uses epair4b does not get any traffic anymore.
>
> I don't have any other bridge settings apart from:
> net.link.bridge.member_ifaddrs=0 (so no IP address on the bridge members)
>
> This is running on 16-CURRENT which is of course still similar to 15
> nowadays.
>
> Does this help?

Thanks for your answer.
I'll have to check.

Currently I'm on 14.3, where everything still works with an IP on the member interface (vlan1).
I'm testing moving the IP on the bridge in preparation for 15.

On 14, I didn't try "deny" as you suggest, but "allow" (via with the member interface) does not work.
It's possible 15 is different.
I guess I'll need to put up a VM and make some tests.

bye & Thanks
av.