Date: Mon, 19 May 2025 18:45:44 +0000 From: Paul Vixie <paul@redbarn.org> To: "Patrick M. Hausen" <hausen@punkt.de> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: Re: HEADS UP: 15.0-CURRENT, change to bridge(4) might break some network configurations with =?UTF-8?B?4oCcSW52YWxpZCBhcmd1bWVudOKAnQ==?= Message-ID: <5888057.DvuYhMxLoT@localhost> In-Reply-To: <A86055C1-4EDF-4C70-915B-38B9812DA669@punkt.de> References: <aCsJDjfCNk5pA59c@ragweed.eden.le-fay.org> <7a54f675-3c39-43a7-8e06-f63857c3bf91@redbarn.org> <A86055C1-4EDF-4C70-915B-38B9812DA669@punkt.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday, May 19, 2025 6:09:08 PM UTC Patrick M. Hausen wrote: > Hi all, > > > Am 19.05.2025 um 19:28 schrieb Paul Vixie <paul@redbarn.org>: > > > > If we move all member ifaddrs to the bridge itself, then will arp requests > > always have to be broadcast on all member interfaces? If so this is > > intolerable from a security perspective, a complete nonstarter. > I am not quite sure I follow. > > A bridge by definition creates a single broadcast domain > so any frame with a layer 2 broadcast destination address > must necessarily be flooded to all member ports. thanks for reminding me that bridges don't have supernets. sorry for the noise. -- Paul Vixie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5888057.DvuYhMxLoT>