Andrew Thompson <[EMAIL PROTECTED]> wrote:
> On Sat, Apr 15, 2006 at 11:53:52AM +0200, Fabian Keil wrote:
> > "Daniel O'Connor" <[EMAIL PROTECTED]> wrote:
> >
> > > On Friday 14 April 2006 21:37, Fabian Keil wrote:
> > >
> > > > Depending on your firewall setup you might have to disable
> > > > some of the net.link.bridge sysctls as well.
> > >
> > > I don't have any firewalls in the kernel for simplicity at this stage.
> >
> > If I'm not mistaken you have to disable net.link.bridge.pfil_onlyip
> > then. From the if_bridge man page:
> >
> > |net.link.bridge.pfil_onlyip Set to 1 to only allow IP packets to
> > |                            pass when packet filtering is enabled
> > |                            (subject to firewall rules), set to 0
> > |                            to unconditionally pass all non-IP
> > |                            Ethernet frames.
> >
> > It's enabled by default.
>
> It may not be entirely clear from the description but that sysctl only
> has effect when packet filtering is enabled, both for the on and off
> values.
>
> At present there are only pfil(9) hooks for IP and IPv6 filters, the
> knob controls what happens when filtering is enabled and the packet is
> not IP so won't be inspected, is it passed or dropped.
>
> I'll try and clarify the man page.

Thanks. I always interpreted the sentence as "Set to 1 to allow IP packets to pass only if packet filtering is enabled". I thought it should prevent the user from creating an unfiltered bridge by accident.

Another thing regarding the man page: The example section has the following sentence "Such a configuration could be used to implement a simple 802.11-to-Ethernet bridge (assuming the 802.11 interface is in ad-hoc mode)."

I don't get the meaning of the ad-hoc mode part. In my tests if_bridge worked in hostap mode as well, but failed in infrastructure mode. Could you clarify if (or why not) bridging in infrastructure mode should work?

Fabian
-- 
http://www.fabiankeil.de/