After reading carefully through the man pages of if_bridge, the sysctls are
now:
net.link.bridge.pfil_onlyip=1
net.link.bridge.pfil_member=1
net.link.bridge.pfil_bridge=1
net.link.bridge.pfil_local_phys=1
net.link.bridge.ipfw=0
net.link.bridge.ipfw_arp=0
Statistics with pftop and "pfctl -vs rules"
Thanks for the replies.
I also run a 3 NIC setup. I do the filtering on interfaces to control
directions, e.g. what goes in and what goes out.
The sysctls are:
net.link.bridge.pfil_bridge=1
net.link.bridge.pfil_member=1
I'm not sure why I didn't add the two other lines. I think I followed chapter
On Thu, Apr 4, 2013 at 9:56 PM, Thomas Steen Rasmussen
wrote:
> On 04-04-2013 16:35, Carsten Sonne Larsen wrote:
>>
>> I am using the keyword *quick* and would expect a certain rule match
>> instead of rule 2..16777216
>>
>
> It has been like this since FreeBSD 9 I believe, and the situation
> is
On 04-04-2013 16:35, Carsten Sonne Larsen wrote:
>
> I am using the keyword *quick* and would expect a certain rule match
> instead of rule 2..16777216
>
It has been like this since FreeBSD 9 I believe, and the situation
is the same in the new smp pf from head. I don't know what causes
it, but jus
Without seeing the ruleset in question it's hard to say, but if rule 2 also
uses the quick keyword, then it won't reach the certain expected rule you
mention. Again, hard to say without seeing at least rule 2 and the expected
rule, and better the whole ruleset.
On Thu, Apr 4, 2013 at 10:35 AM, Ca
--- Original message ---
From: "Carsten Sonne Larsen"
Date: 4 April 2013, 17:49:07
> Hello guy,
>
> I am using pf to implement a filtering bridge but I'm experiencing some
> strange behaviour from pf. While using tcpdump I get entries like this:
>
> 16:25:45.998253 rule 2..16777216/0(match):
Hello guy,
I am using pf to implement a filtering bridge but I'm experiencing some
strange behaviour from pf. While using tcpdump I get entries like this:
16:25:45.998253 rule 2..16777216/0(match): block in on rl0:
192.168.0.1.32768 > 239.255.255.250.1900: UDP, length 339
I am using the keywor