On Saturday 13 August 2005 00:40, Jeremie Le Hen wrote:
> Hi,
>
> > This is not true.  As Scott suggested try if_bridge in 6.0 which has both
> > IPv6 and full pf support.  Additionally, pf is supported by the old bridge
> > just use the same settings you would use for ipf.  The old bridge does
> > not allow for stateful filtering however.  The same is true for ipf and
> > ipfw with the old bridge code.
>
> Does if_bridge generally support PF_HOOKS (thus one can use ipfw),
> or is it strictly bound to pf ?

As per if_bridge(4):

     When filtering is enabled, bridged packets will pass through the filter
     inbound on the originating interface, on the bridge interface and
     outbound on the appropriate interfaces.  Either stage can be disabled,
     this behaviour can be controlled using sysctl(8):

     net.link.bridge.pfil_member  Set to 1 to enable filtering on the incoming
                                  and outgoing member interfaces, set to 0 to
                                  disable it.

     net.link.bridge.pfil_bridge  Set to 1 to enable filtering on the bridge
                                  interface, set to 0 to disable it.

     net.link.bridge.ipfw         Set to 1 to enable layer2 filtering with
                                  ipfirewall(4), set to 0 to disable it.  This
                                  needs to be enabled for dummynet(4) support.
                                  When ipfw is enabled, pfil_bridge and
                                  pfil_member will be disabled so that IPFW is
                                  not run twice; these can be re-enabled if
                                  desired.

--
/"\  Best regards,                      | [EMAIL PROTECTED]
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
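
The interaction between the three sysctl knobs quoted from if_bridge(4) above, as an added example that is not part of the original message or of FreeBSD: a small audit function that reports which filter stages a bridge actually runs. The function name, the finding texts and the assumption that input arrives as "name: value" lines (as sysctl prints them) are mine; the sample input is constructed.

```shell
#!/bin/sh
# Added example; not code from the original message or from FreeBSD.
# Reads "name: value" lines, as printed by `sysctl net.link.bridge`, on stdin
# and prints one finding per line about the if_bridge filter stages.
bridge_filter_audit() {
    bfa_member="" bfa_bridge="" bfa_ipfw=""
    while IFS= read -r bfa_line; do
        bfa_val=${bfa_line##*[!0-9]}   # keep only the trailing digits
        case $bfa_line in
            # "[:=]" right after the name keeps other knobs that merely
            # start with the same text from being mistaken for these.
            net.link.bridge.pfil_member[:=]*) bfa_member=$bfa_val ;;
            net.link.bridge.pfil_bridge[:=]*) bfa_bridge=$bfa_val ;;
            net.link.bridge.ipfw[:=]*)        bfa_ipfw=$bfa_val ;;
        esac
    done
    # Refuse to draw conclusions from incomplete or odd input.
    for bfa_v in "$bfa_member" "$bfa_bridge" "$bfa_ipfw"; do
        case $bfa_v in
            0|1) ;;
            *) echo "ERROR: a knob is missing or not 0/1"; return 2 ;;
        esac
    done
    if [ "$bfa_member" = 1 ]; then echo "OK: pfil on member interfaces"; fi
    if [ "$bfa_bridge" = 1 ]; then echo "OK: pfil on bridge interface"; fi
    if [ "$bfa_ipfw" = 1 ]; then echo "OK: layer2 ipfw stage"; fi
    # Order of digits: pfil_member, pfil_bridge, ipfw.
    case "$bfa_member$bfa_bridge$bfa_ipfw" in
        000) echo "WARN: no stage enabled, bridged packets are not filtered" ;;
        001) echo "NOTE: pfil stages are off; rules that rely on them see no bridged packets" ;;
        ??1) echo "NOTE: pfil re-enabled alongside ipfw; ipfw may run twice" ;;
    esac
    return 0
}

# Constructed sample input: the state the man page describes after
# net.link.bridge.ipfw is set to 1.
bridge_filter_audit <<'EOF'
net.link.bridge.ipfw: 1
net.link.bridge.pfil_bridge: 0
net.link.bridge.pfil_member: 0
EOF
```

On a live system the input would come from `sysctl net.link.bridge | bridge_filter_audit`.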