From owner-cvs-src@FreeBSD.ORG  Wed Aug  1 00:33:52 2007
Return-Path: <owner-cvs-src@FreeBSD.ORG>
Delivered-To: cvs-src@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id EB58E16A419;
	Wed,  1 Aug 2007 00:33:52 +0000 (UTC)
	(envelope-from thompsa@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id E38D213C45A;
	Wed,  1 Aug 2007 00:33:52 +0000 (UTC)
	(envelope-from thompsa@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id l710XqY4020874;
	Wed, 1 Aug 2007 00:33:52 GMT
	(envelope-from thompsa@repoman.freebsd.org)
Received: (from thompsa@localhost)
	by repoman.freebsd.org (8.14.1/8.14.1/Submit) id l710XqSq020873;
	Wed, 1 Aug 2007 00:33:52 GMT (envelope-from thompsa)
Message-Id: <200708010033.l710XqSq020873@repoman.freebsd.org>
From: Andrew Thompson <thompsa@FreeBSD.org>
Date: Wed, 1 Aug 2007 00:33:52 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: src/sbin/ifconfig ifbridge.c ifconfig.8 src/sys/net
 if_bridge.c if_bridgevar.h
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Aug 2007 00:33:53 -0000

thompsa     2007-08-01 00:33:52 UTC

  FreeBSD src repository

  Modified files:
    sbin/ifconfig        ifbridge.c ifconfig.8 
    sys/net              if_bridge.c if_bridgevar.h 
  Log:
  Add a bridge interface flag called PRIVATE where any private port can not
  communicate with another private port.
  
  All unicast/broadcast/multicast layer2 traffic is blocked so it works much the
  same way as using firewall rules but scales better and is generally easier as
  firewall packages usually do not allow ARP blocking.
  
  An example usage would be having a number of customers on separate vlans
  bridged with a server network. All the vlans are marked private, they can all
  communicate with the server network unhindered, but can not exchange any
  traffic whatsoever with each other.
  
  Approved by:    re (rwatson)
  
  Revision  Changes    Path
  1.11      +16 -0     src/sbin/ifconfig/ifbridge.c
  1.142     +10 -0     src/sbin/ifconfig/ifconfig.8
  1.102     +37 -33    src/sys/net/if_bridge.c
  1.23      +3 -1      src/sys/net/if_bridgevar.h