From owner-freebsd-pf@FreeBSD.ORG Wed Mar 17 13:55:19 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A3F63106566C; Wed, 17 Mar 2010 13:55:18 +0000 (UTC) (envelope-from k@kevinkevin.com) Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.157]) by mx1.freebsd.org (Postfix) with ESMTP id 75A1C8FC25; Wed, 17 Mar 2010 13:55:15 +0000 (UTC) Received: by fg-out-1718.google.com with SMTP id e21so532880fga.13 for ; Wed, 17 Mar 2010 06:55:15 -0700 (PDT) Received: by 10.87.1.12 with SMTP id d12mr894947fgi.78.1268834114866; Wed, 17 Mar 2010 06:55:14 -0700 (PDT) Received: from kkPC (76-10-166-187.dsl.teksavvy.com [76.10.166.187]) by mx.google.com with ESMTPS id p17sm11047357fka.39.2010.03.17.06.55.13 (version=SSLv3 cipher=RC4-MD5); Wed, 17 Mar 2010 06:55:13 -0700 (PDT) From: "kevin" To: "'Daniel Hartmeier'" References: <4B8E4850.1060104@zirakzigil.org> <4B9EA5A2.4010900@zirakzigil.org> <00bc01cac53d$a92f0b70$fb8d2250$@com> <20100317081256.GA21633@insomnia.benzedrine.cx> In-Reply-To: <20100317081256.GA21633@insomnia.benzedrine.cx> Date: Wed, 17 Mar 2010 09:55:05 -0400 Message-ID: <012301cac5d9$73d933f0$5b8b9bd0$@com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: AcrFqapAZS1LXGAFSDCzr+tCp/O1dwAL5TUg Content-Language: en-us Cc: freebsd-net@freebsd.org, freebsd-pf@freebsd.org Subject: RE: PF + BRIDGE + PFSYNC causes system freezing X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Mar 2010 13:55:19 -0000 >What are your settings for > > $ sysctl -a | grep bridge.pfil #bridge options net.link.bridge.pfil_onlyip=1 net.link.bridge.pfil_member=1 net.link.bridge.pfil_bridge=0 > Have you tried filtering only on one of the physical bridge interfaces, > with net.link.bridge.pfil_bridge=0 and set skip on { lo0, bridge0, em1 }? I've only been filtering on one of the bridge interfaces , however I have not 'set skip on' the other interfaces. I will try that.