On Fri, Nov 18, 2005 at 03:50:42PM +0100, Csaba Urban wrote:
> Hi,
>
> I can't have packets match on PF rules on a member of if_bridge if it is
> not bridged but comes from another IP interface. Bridged packets
> match correctly.
>
> bridge0: flags=8041<UP,RUNNING,MULTICAST> mtu 1500
>         inet 192.168.1.1 netmask 0xffffffe0
>         ether ac:de:48:af:bc:8f
>         priority 32768 hellotime 2 fwddelay 15 maxage 20
>         member: vlan3 flags=3<LEARNING,DISCOVER>
>         member: vlan2 flags=3<LEARNING,DISCOVER>
>         member: vlan1 flags=3<LEARNING,DISCOVER>
>
> PF rule:
> pass in on vlan1 all
> pass out on vlan1 all
>
> This rule matches only if traffic is bridged (goes directly layer2 from
> vlan1 to vlan2 or vlan3). If it is delivered to the IP layer or it comes from
> there then it won't match.

This is how it's currently implemented. You can match locally generated packets on the bridge0 interface, is that sufficient for your setup?

Andrew
