From: "Michael Proto"
To: "FreeBSD Current"
Date: Wed, 24 Sep 2008 10:10:28 -0400
Subject: Re: sysctls and if_bridge
Message-ID: <1de79840809240710q5222645ar4549d96a457d7614@mail.gmail.com>
In-Reply-To: <48C1E43C.1010902@jellydonut.org>

On Fri, Sep 5, 2008 at 10:00 PM, Michael Proto wrote:

> Ran into a strange problem the other day, hoping someone can shed some
> light on this. Updated 8-CURRENT from 6/14 to 9/02 and noticed a strange
> thing with my if_bridge interface. It appears as though the sysctls for
> determining where to enable/disable filtering don't seem to be working.
>
> My router has an IP, 1.2.3.4/24 on its vr2 interface, which is bridged
> to a second vr1 interface for my 3 other static IPs.
>
> /etc/rc.conf:
> ifconfig_vr2="inet 1.2.3.4 netmask 255.255.255.0"
> ifconfig_vr1="up"
> cloned_interfaces="bridge0"
> ifconfig_bridge0="addm vr2 addm vr1 up"
>
> /etc/sysctl.conf:
> net.link.bridge.pfil_member=1
> net.link.bridge.pfil_bridge=0
>
> Based on what I've read from the man pages (and how it worked before),
> this should enable filtering on the vr2 and vr1 interfaces, and not the
> bridge0 interface. After updating to 8-CURRENT 9/02 it appears that
> these sysctl settings no longer matter, and filtering is enabled on both
> the bridge and member interfaces. I ultimately had to tweak my
> /etc/pf.conf and set all my inbound-from-the-Internet vr2 rules to
> reference bridge0 instead. Outbound rules still use vr2, and I've
> flipped both sysctl settings with no change in behavior. Traffic flows
> now, but it appears these sysctls are not working as they should, or I'm
> really missing something.
>
> Thanks,
> Michael Proto

Anyone else seen this? I haven't had much time to look at the code lately but was hoping at least one other person saw similar behavior with if_bridge and a recent CURRENT. Or maybe I really am going crazy... ;)

Thanks,
Proto