Date:      Sun, 20 Nov 2005 09:33:37 +1300
From:      Andrew Thompson <thompsa@freebsd.org>
To:        Csaba Urban <ucsaba@freemail.hu>
Cc:        freebsd-net@freebsd.org
Subject:   Re: PF rule on bridged interface won't match
Message-ID:  <20051119203337.GA804@heff.fud.org.nz>
In-Reply-To: <freemail.20051018155042.52205@fm12.freemail.hu>
References:  <freemail.20051018155042.52205@fm12.freemail.hu>

On Fri, Nov 18, 2005 at 03:50:42PM +0100, Csaba Urban wrote:
> Hi,
> 
> I can't have packets match on PF rules on a member of if_bridge if it is 
> not bridged but comes from another IP interface. Bridged packets 
> match correctly.
> 
> bridge0: flags=8041<UP,RUNNING,MULTICAST> mtu 1500
>         inet 192.168.1.1 netmask 0xffffffe0
>         ether ac:de:48:af:bc:8f
>         priority 32768 hellotime 2 fwddelay 15 maxage 20
>         member: vlan3 flags=3<LEARNING,DISCOVER>
>         member: vlan2 flags=3<LEARNING,DISCOVER>
>         member: vlan1 flags=3<LEARNING,DISCOVER>
> 
> PF rule:
> pass in on vlan1 all
> pass out on vlan1 all
> 
> This rule matches only if traffic is bridged (goes directly layer2 from 
> vlan1 to vlan2 or vlan3). If it is delivered to the IP layer or it comes from 
> there then it won't match.

This is how it's currently implemented. You can match locally generated
packets on the bridge0 interface, is that sufficient for your setup?


Andrew


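As an added example (not code from Andrew's or Csaba's messages), here is a pf.conf laid out the way the reply describes: layer-2 traffic that is bridged between members is matched on the member interfaces (vlan1, vlan2, vlan3), while traffic that enters or leaves this host's own IP stack is matched on bridge0. The bridge0 address 192.168.1.1/27 and the member names come from the poster's ifconfig output; every other address, port and host in the block is an assumption for illustration.

```pf
# Added example, not from the original thread.
# bridge0 = 192.168.1.1/27 and the members are taken from the poster's
# ifconfig; $lan, $mgmt_host and the port lists are assumed values.
ext_if    = "bridge0"                 # the interface that carries the IP address
members   = "{ vlan1 vlan2 vlan3 }"   # bridge member (layer-2) interfaces
lan       = "192.168.1.0/27"
mgmt_host = "192.168.1.10"            # assumed management host

set skip on lo0

# 1. Frames bridged at layer 2 from one member to another.
#    These are seen by pf on the member interfaces only (per the thread),
#    so "on vlan1" / "on $members" is the right place for them.
block in log on $members all
pass in  on vlan1 proto tcp from $lan to any port { 80 443 } keep state
pass out on $members all keep state

# 2. Packets that are delivered to, or originate from, this host's IP
#    stack (192.168.1.1). The thread says these are matched on bridge0,
#    not on the member they physically arrived on, so rules written
#    "on vlan1" never see them; they must name bridge0.
block in log on $ext_if all
pass in  on $ext_if proto tcp from $mgmt_host to ($ext_if) port 22 keep state
pass in  on $ext_if inet proto icmp icmp-type echoreq
pass out on $ext_if all keep state
```

Two checks worth doing before relying on this: load with `pfctl -nf /etc/pf.conf` to syntax-check, then add `log` to the rule you are unsure about and watch `tcpdump -n -e -ttt -i pflog0`, whose output names both the rule number and the interface the packet was matched on, which settles whether a given flow is appearing on vlan1 or on bridge0. On FreeBSD the `net.link.bridge.pfil_member` and `net.link.bridge.pfil_bridge` sysctls control whether if_bridge hands frames to pf on the member interfaces, on the bridge interface, or both; check `sysctl net.link.bridge` on the running system, since a different setting changes which of the two rule groups above actually fires.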
