The bridge would be a gateway for the hosts which are on member interfaces. I would like to control which IP addresses they can use on a particular interface (i.e. 192.168.1.5 on vlan1, etc.). It seems that it won't work this way.
Anyway, it can be done using the old bridge, but I think it would be more convenient if packets destined for / originating from the bridge itself were also handed to pfil_hooks when entering/leaving member interfaces.

Andrew Thompson <[EMAIL PROTECTED]> wrote:
> On Fri, Nov 18, 2005 at 03:50:42PM +0100, Csaba Urban wrote:
> > Hi,
> >
> > I can't have packets match on PF rules on a member of if_bridge if it is
> > not bridged but comes from another IP interface. Bridged packets
> > match correctly.
> >
> > bridge0: flags=8041<UP,RUNNING,MULTICAST> mtu 1500
> >         inet 192.168.1.1 netmask 0xffffffe0
> >         ether ac:de:48:af:bc:8f
> >         priority 32768 hellotime 2 fwddelay 15 maxage 20
> >         member: vlan3 flags=3<LEARNING,DISCOVER>
> >         member: vlan2 flags=3<LEARNING,DISCOVER>
> >         member: vlan1 flags=3<LEARNING,DISCOVER>
> >
> > PF rule:
> > pass in on vlan1 all
> > pass out on vlan1 all
> >
> > This rule matches only if traffic is bridged (goes directly layer 2 from
> > vlan1 to vlan2 or vlan3). If it is delivered to the IP layer or it comes from
> > there then it won't match.
>
> This is how it's currently implemented. You can match locally generated
> packets on the bridge0 interface, is that sufficient for your setup?
>
>
> Andrew

_______________________________________________
freebsd-net mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
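The following pf ruleset is an added example, not from the thread and not FreeBSD's own configuration. It shows what the behaviour described in this exchange means in practice: rules on the member interfaces (vlan1, vlan2, vlan3) only see bridged, layer-2 forwarded traffic, so per-VLAN source-address restrictions can be enforced there, while traffic terminating at or originating from the bridge's own IP has to be filtered on bridge0, where the member interface is no longer visible to pf. The interface names and the bridge address (192.168.1.1/27) come from the ifconfig output quoted above; the per-VLAN host addresses and the macro names are constructed for illustration.

```pf
# Added example (not from the thread). Interface names and the bridge
# address follow the ifconfig output in the quoted message; the per-VLAN
# host addresses below are constructed for illustration.
bridge_if = "bridge0"
bridge_ip = "192.168.1.1"
lan_net   = "192.168.1.0/27"

# Which source address a host behind each member interface may use
# (constructed values; the thread only names 192.168.1.5 on vlan1).
vlan1_host = "192.168.1.5"
vlan2_host = "192.168.1.10"
vlan3_host = "192.168.1.20"

set skip on lo0
block log all

# --- Member interfaces: only bridged traffic passes through pf here, so
# these per-VLAN source checks apply to host-to-host traffic forwarded
# across the bridge, but not to traffic addressed to bridge0 itself.
pass in quick on vlan1 inet from $vlan1_host to $lan_net
pass in quick on vlan2 inet from $vlan2_host to $lan_net
pass in quick on vlan3 inet from $vlan3_host to $lan_net
pass out quick on { vlan1 vlan2 vlan3 } inet from $lan_net to $lan_net

# --- bridge0: traffic terminating at or originating from the bridge's own
# IP is seen on this interface instead. The member interface is unknown at
# this point, so the rule can only accept the union of the allowed
# addresses; the per-interface binding is lost for locally handled traffic,
# which is the limitation raised in the thread.
pass in quick on $bridge_if inet proto { tcp udp icmp } \
    from { $vlan1_host $vlan2_host $vlan3_host } to $bridge_ip keep state
pass out quick on $bridge_if inet from $bridge_ip to $lan_net keep state
```

Because the `block log all` default applies on every interface, a host on vlan2 that spoofs 192.168.1.5 is dropped when its traffic is bridged toward vlan1 (it fails the `on vlan2` source check), but the same spoofed packet addressed to 192.168.1.1 is accepted on bridge0, since nothing there can tell which member it arrived on. Logged drops on the member interfaces are therefore the place to look for address misuse between VLANs, while the bridge0 rules protect the gateway itself only to the extent of the address union.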
