After reading carefully through the man pages of if_bridge, sysctl's are
now:
net.link.bridge.pfil_onlyip=1
net.link.bridge.pfil_member=1
net.link.bridge.pfil_bridge=1
net.link.bridge.pfil_local_phys=1
net.link.bridge.ipfw=0
net.link.bridge.ipfw_arp=0
Statistics with pftop and "pfctl -vs rules" still shows an accumulated
number of states. Also tcpdump still shows a rule range instead of a
fixed rule number, while pftop shows * in the rule column. Nevertheless,
the bridge seems to work as intended.
On 04/04/2013 19:48, wishmaster wrote:
What is your sysctl's?
Below from my production server with 3 NIC's in bridge. I use
filtering only on the bridge0 interface.
net.link.bridge.pfil_local_phys: 0
net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 1
net.link.bridge.pfil_onlyip: 1
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
