From: "Max Laier"
Subject: [pf4freebsd] Re: Bridging?
Date: Thu, 16 Sep 2004 03:47:15 -0000
X-Original-Date: Thu, 28 Aug 2003 00:53:30 +0200
Message-ID: <01a901c36cee$09bd6810$01000001@max900>
Reply-To: pf4freebsd@freelists.org
List-Id: Technical discussion and general questions about packet filter (pf)

That's strange. Can you send output of "pfctl -gvvsa" after some traffic.
Maybe with this ruleset:
>>>>
block in log
block out log
<<<<

If you have time to test a bit, I'd like to send you some debugging code to
run, as I don't have a bridge setup at hand for testing.

Regards,
Max

> When I do all of that I get a working bridge but it doesn't block anything
> except some port 137 broadcast packets (by watching pftcpdump results as
> recommended). I can still ping through the bridge both directions and
> connect via ssh through the bridge.
>
> Given the above config shouldn't everything be blocked? Does anyone see
> something I've done wrong or omitted?