Hi,
I am trying to implement a MAC filter, based on OpenBSD Bridging facilities.

One can read in BRCONFIG(8) man page:
     rule [rulespec]
             Add a filtering rule to an interface.  Rules have a similar syn-
             tax to those in pf.conf(5).  Rules can be used to selectively
             block or pass frames based on Ethernet MAC addresses.  They can
             also tag packets for pf(4) to filter on.  Rules are processed in
             the order in which they were added to the interface, and the
             first rule matched takes the action (block or pass) and, if giv-
             en, the tag of the rule.  If no source or destination address is
             specified, the rule will match all frames (good for creating a
             catchall policy).

What is bothering me is the sentence:
Rules are processed in the order in which they were added to the interface,
and the first rule matched takes the action ...

Does this really mean that no hash function is used? I mean if I have 20000
MAC Addresses and want to check **each packet** against this list serially, 
I suppose I had better forget about it! 

Thanks for any ideas and/or experiences to share.

Regards,
Amir
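
A model of the first-match semantics quoted from brconfig(8) above, added here as an illustration; it is not OpenBSD's bridge code and not part of the original post. It counts how many rules a serial walk examines for a 20000-entry list and shows a hash index that returns the same verdicts. The `Rule` type, the function names, the default verdict when nothing matches and the sample MAC addresses are assumptions.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                 # "pass" or "block"
    src: Optional[str] = None   # None matches any source MAC
    dst: Optional[str] = None   # None matches any destination MAC

def first_match(rules, src, dst, default="pass"):
    """Walk rules in insertion order; return (action, rules_examined).
    `default` (verdict when nothing matches) is an assumption of this model."""
    for n, r in enumerate(rules, 1):
        if r.src in (None, src) and r.dst in (None, dst):
            return r.action, n
    return default, len(rules)

def build_index(rules):
    """Group rules by exact source MAC, keeping each rule's original position.
    Rules without a source address go to a separate wildcard list."""
    by_src, wildcards = {}, []
    for pos, r in enumerate(rules):
        if r.src is None:
            wildcards.append((pos, r))
        else:
            by_src.setdefault(r.src, []).append((pos, r))
    return by_src, wildcards

def indexed_match(index, src, dst, default="pass"):
    """Same verdict as first_match, but only rules that can match are examined."""
    by_src, wildcards = index
    candidates = by_src.get(src, []) + wildcards
    # The lowest original position wins, which preserves first-match order.
    for _, r in sorted(candidates, key=lambda c: c[0]):
        if r.dst in (None, dst):
            return r.action
    return default

def make_allowlist(n):
    """Constructed sample: n locally administered MACs, then a catch-all block."""
    macs = [f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}" for i in range(n)]
    return macs, [Rule("pass", src=m) for m in macs] + [Rule("block")]

if __name__ == "__main__":
    macs, rules = make_allowlist(20000)
    idx = build_index(rules)
    for src in (macs[0], macs[-1], "02:ff:ff:ff:ff:ff"):
        action, examined = first_match(rules, src, "ff:ff:ff:ff:ff:ff")
        print(src, action, "rules examined:", examined,
              "| indexed:", indexed_match(idx, src, "ff:ff:ff:ff:ff:ff"))
```
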
