Date: Thu, 04 Apr 2013 20:48:17 +0300
From: "wishmaster" <artemrts@ukr.net>
To: "Carsten Sonne Larsen" <cs@innolan.dk>
Cc: freebsd-pf@freebsd.org
Subject: Re: Filtering bridge with pf.
Message-ID: <89362.1365097697.16075958140210511872@ffe10.ukr.net>
In-Reply-To: <515D8F9D.3080001@innolan.dk>
References: <515D8F9D.3080001@innolan.dk>
--- Original message ---
From: "Carsten Sonne Larsen" <cs@innolan.dk>
Date: 4 April 2013, 17:49:07

> Hello guy,
>
> I am using pf to implement a filtering bridge but I'm experiencing some
> strange behaviour from pf. While using tcpdump I get entries like this:
>
> 16:25:45.998253 rule 2..16777216/0(match): block in on rl0:
> 192.168.0.1.32768 > 239.255.255.250.1900: UDP, length 339
>
> I am using the keyword *quick* and would expect a certain rule match
> instead of rule 2..16777216
>

Hi.
What are your sysctls? Below are the values from my production server with 3 NICs in a bridge. I use filtering only on the bridge0 interface.

net.link.bridge.pfil_local_phys: 0
net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 1
net.link.bridge.pfil_onlyip: 1

and set skip quick on [[members]] in pf.conf.