From owner-freebsd-current@FreeBSD.ORG  Wed Sep  1 14:36:21 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 33F2C16A4CE
	for <current@freebsd.org>; Wed,  1 Sep 2004 14:36:21 +0000 (GMT)
Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 78A4B43D2F
	for <current@freebsd.org>; Wed,  1 Sep 2004 14:36:20 +0000 (GMT)
	(envelope-from andre@freebsd.org)
Received: (qmail 95502 invoked from network); 1 Sep 2004 14:34:05 -0000
Received: from dotat.atdotat.at (HELO [62.48.0.47]) ([62.48.0.47])
          (envelope-sender <andre@freebsd.org>)
          by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP
          for <postfix@sendmail.ru>; 1 Sep 2004 14:34:05 -0000
Message-ID: <4135DE61.2010009@freebsd.org>
Date: Wed, 01 Sep 2004 16:36:17 +0200
From: Andre Oppermann <andre@freebsd.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
	rv:1.8a1) Gecko/20040520
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Toxa <postfix@sendmail.ru>
References: <20040901112004.GA2625@laptoxa.toxa.lan>
In-Reply-To: <20040901112004.GA2625@laptoxa.toxa.lan>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: current@freebsd.org
Subject: Re: something like net.link.ether.bridge_pf?
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Sep 2004 14:36:21 -0000

Toxa wrote:
> I guess that pf now cannot be used on bridge, I can't see something
> similar to net.link.ether.bridge_pf (only net.link.ether.bridge_ipfw and
> net.link.ether.bridge_ipf), as the result, my fbsd machine can act as
> bridge, but pf rules actually doesn't work, simply allowing all
> connections.
> Is it possible to use pf on bridge? I want to move my bridge back from obsd to fbsd.

I have a generic PFIL_HOOKS mechnism in the works that will replace the
current direct dispatch into the packet filters with a generic way to
hooks into bridging and ether_input/output.  Although it won't make it
into 5.3R but it should be in 6.0-current soon.

-- 
Andre