Date: Wed, 22 Dec 2021 16:17:57 -0600
From: Matthew Grooms <mgrooms@shrew.net>
To: freebsd-stable@freebsd.org
Subject: missing bridge sysctl options
Message-ID: <1cbc314c-f861-0a7f-9bfb-2fc0d0501756@shrew.net>

Hey Everyone,

I went to add a few bridge interfaces to a production firewall today and went to set packet filter options for the interfaces as described in the IF_BRIDGE(4) man page section for 12.2-RELEASE-p7. However, all the pfil net.link.bridge sysctl values are absent on both my firewall hosts ...

root@fw1:~ # sysctl -a | grep bridge
dev.isab.0.%desc: PCI-ISA bridge
dev.ahciem.0.%desc: AHCI enclosure management bridge
dev.hostb.1.%desc: Host to PCI bridge
dev.hostb.0.%desc: Host to PCI bridge
dev.pcib.7.%desc: ACPI PCI-PCI bridge
dev.pcib.6.%desc: ACPI PCI-PCI bridge
dev.pcib.5.%desc: ACPI PCI-PCI bridge
dev.pcib.4.%desc: ACPI PCI-PCI bridge
dev.pcib.3.%desc: ACPI PCI-PCI bridge
dev.pcib.2.%desc: ACPI PCI-PCI bridge
dev.pcib.1.%desc: ACPI PCI-PCI bridge
dev.pcib.0.%desc: ACPI Host-PCI bridge
dev.netmap.bridge_batch: 1024

Not sure what's going on here as the man page states there should be options here to control this ...

PACKET FILTERING
     Packet filtering can be used with any firewall package that hooks in
     via the pfil(9) framework. When filtering is enabled, bridged packets
     will pass through the filter inbound on the originating interface, on
     the bridge interface and outbound on the appropriate interfaces.
     Either stage can be disabled. The filtering behaviour can be
     controlled using sysctl(8):

     ...

     net.link.bridge.pfil_member
             Set to 1 to enable filtering on the incoming and outgoing
             member interfaces, set to 0 to disable it.

     net.link.bridge.pfil_bridge
             Set to 1 to enable filtering on the bridge interface, set to
             0 to disable it.

     ...

I also see recent mailing list posts that make mention of using these options on 12.2-RELEASE, so I don't think it's normal. Any ideas or suggestions?

Thanks,

-Matthew