Date: Fri, 05 Sep 2008 22:00:28 -0400
From: Michael Proto <mike@jellydonut.org>
To: FreeBSD Current <freebsd-current@freebsd.org>
Subject: sysctls and if_bridge
Message-ID: <48C1E43C.1010902@jellydonut.org>

Ran into a strange problem the other day, hoping someone can shed some light on this. Updated 8-CURRENT from 6/14 to 9/02 and noticed a strange thing with my if_bridge interface. It appears as though the sysctls for determining where to enable/disable filtering don't seem to be working.

My router has an IP, 1.2.3.4/24 on its vr2 interface, which is bridged to a second vr1 interface for my 3 other static IPs.

/etc/rc.conf:

    ifconfig_vr2="inet 1.2.3.4 netmask 255.255.255.0"
    ifconfig_vr1="up"
    cloned_interfaces="bridge0"
    ifconfig_bridge0="addm vr2 addm vr1 up"

/etc/sysctl.conf:

    net.link.bridge.pfil_member=1
    net.link.bridge.pfil_bridge=0

Based on what I've read from the man pages (and how it worked before), this should enable filtering on the vr2 and vr1 interfaces, and not the bridge0 interface. After updating to 8-CURRENT 9/02 it appears that these sysctl settings no longer matter, and filtering is enabled on both the bridge and member interfaces.

I ultimately had to tweak my /etc/pf.conf and set all my inbound-from-the-Internet vr2 rules to reference bridge0 instead. Outbound rules still use vr2, and I've flipped both sysctl settings with no change in behavior.

Traffic flows now, but it appears these sysctls are not working as they should, or I'm really missing something.

Thanks,
Michael Proto