On Tue, Sep 12, 2006 at 05:04:12PM +0200, Jon Otterholm wrote:
> Hello.
>
> I am trying to limit arp-broadcast between member-IF on a bridge
> (if_bridge) with no luck.
>
> I have the following sysctls set:
>
> net.link.bridge.pfil_member: 1
> net.link.bridge.pfil_bridge: 1
> net.link.bridge.pfil_onlyip: 1
>
> I am using PF for filtering - do I have to use IPFW to limit
> arp-broadcast between member-ifs?
See this snippet of code from if_bridge:

     * (Note that since pfil doesn't understand ARP it will pass *ALL*
     * ARP traffic.)
     */
    switch (ether_type) {
    case ETHERTYPE_ARP:
    case ETHERTYPE_REVARP:
        return (0); /* Automatically pass */

The only way that you will be able to filter ARP packets is by setting
pfil_onlyip=0, ipfw=1 and using the IPFW layer2 filtering.

cheers,
Andrew

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
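The configuration Andrew describes, written out as an added example that is not from the thread: the two sysctls, plus ipfw layer-2 rules that drop ARP frames the bridge would forward from one member to the other. The member interface names (em0, em1), the rule numbers and the recv/xmit match form are assumptions; pf keeps handling the IP traffic.

```shell
#!/bin/sh
# Added example, not from the original thread: put if_bridge into the
# configuration the reply describes (pfil_onlyip=0, ipfw=1) and install
# ipfw layer-2 rules so ARP received on one member is not forwarded out
# the other. Interface names and the recv/xmit match form are assumptions.
#
#   sh bridge-arp.sh dry-run   # print the commands only
#   sh bridge-arp.sh apply     # run them (needs root on a FreeBSD bridge host)

MEMBER_A="${MEMBER_A:-em0}"   # assumed member interface names
MEMBER_B="${MEMBER_B:-em1}"
RUN="${RUN:-}"                # set to "echo" for a dry run

# Sysctls from the reply: with pfil_onlyip=1 the bridge short-circuits
# ARP before any filter sees it; ipfw=1 hands bridged frames to ipfw.
bridge_sysctls() {
    $RUN sysctl net.link.bridge.pfil_onlyip=0
    $RUN sysctl net.link.bridge.ipfw=1
}

# ipfw layer-2 rules: mac-type arp matches on the Ethernet type field,
# which pf cannot do; recv/xmit pin each rule to one forwarding direction
# so ARP between a member's hosts and the bridge itself is untouched.
# Rule numbers are assumed; pick ones that sort before any allow rule.
arp_rules() {
    $RUN ipfw add 1000 deny mac-type arp layer2 recv "$MEMBER_A" xmit "$MEMBER_B"
    $RUN ipfw add 1001 deny mac-type arp layer2 recv "$MEMBER_B" xmit "$MEMBER_A"
}

# Render the rule set without touching the system (for review/diffing).
render_rules() {
    ( RUN=echo; arp_rules )
}

case "${1:-}" in
    dry-run) ( RUN=echo; bridge_sysctls ); render_rules ;;
    apply)   bridge_sysctls; arp_rules ;;
esac
```

Check the result with `ipfw list` and watch the rule counters while a host on one member ARPs for an address on the other; the counters should rise while the bridge's own ARP replies keep working.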