On Monday, May 19, 2025 6:09:08 PM UTC Patrick M. Hausen wrote: > Hi all, > > > Am 19.05.2025 um 19:28 schrieb Paul Vixie <p...@redbarn.org>: > > > > If we move all member ifaddrs to the bridge itself, then will arp requests > > always have to be broadcast on all member interfaces? If so this is > > intolerable from a security perspective, a complete nonstarter. > I am not quite sure I follow. > > A bridge by definition creates a single broadcast domain > so any frame with a layer 2 broadcast destination address > must necessarily be flooded to all member ports.
thanks for reminding me that bridges don't have supernets. sorry for the noise. -- Paul Vixie
