This came through to me from the list with “no content”, so I’m trying again.
——————————
My box has three interfaces, dc0 to manage, em0 and em1 for bridging external
LAN to internal LAN.
hostname.em0: up
hostname.em1: up
hostname.bridge0: add em0 add em1 up
Bridge works, traffic flows across no problem.
Add filtering.
pf.conf:
filtered = "{ em1 }"
not_filtered = "{ lo, dc0, em0, bridge0 }"
block log on $filtered
set skip on $not_filtered
`doas pfctl -sr`
block drop log on em1 all
`tcpdump -nettti pflog0` shows lots of filtered packets. Traffic is blocked.
-But-
make one simple change to filter on the bridge0 interface—
pf.conf:
filtered = "{ bridge0 }"
not_filtered = "{ lo, dc0, em0, em1 }"
block log on $filtered
set skip on $not_filtered
`doas pfctl -sr`
block drop log on bridge0 all
traffic is NOT blocked and everything flows right on through. (!?)
`tcpdump -nettti pflog0` shows no packets being filtered.
Am I overlooking something?
E
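An added sanity check, not part of the post above: on OpenBSD, pf evaluates bridged frames on the bridge's member interfaces (em0 and em1 here), not on bridge0 itself, so a rule written `on bridge0` never matches anything. This script flags such rules and lists the members the rule would have to name instead. It assumes the `pfctl -sr` output and the contents of hostname.bridge0 are passed in as strings (constructed below from the post).

```shell
#!/bin/sh
# Flag pf rules bound to a bridge(4) interface (added example, not from the
# original post). Assumes OpenBSD semantics: pf sees bridged traffic on the
# member interfaces, so "on bridge0" rules are dead rules.

# Print the member interfaces named in hostname.bridge0 ("add em0 add em1 up").
bridge_members() {
    printf '%s\n' "$1" | tr ' ' '\n' | awk '$0 == "add" { getline; print }'
}

# Given pfctl -sr output and a bridge interface name, print every rule bound
# to that bridge. Returns 1 when at least one such rule exists, 0 otherwise.
check_bridge_rules() {
    rules=$1
    bridge=$2
    # "|| :" keeps a no-match grep from aborting a caller running under set -e.
    hits=$(printf '%s\n' "$rules" \
        | grep -E "[[:space:]]on[[:space:]]+$bridge([[:space:]]|\$)" || :)
    if [ -n "$hits" ]; then
        printf 'rule(s) on %s will never match bridged traffic:\n%s\n' \
            "$bridge" "$hits"
        return 1
    fi
    return 0
}

# Demo with the two rulesets from the post (constructed sample input).
HOSTNAME_BRIDGE0='add em0 add em1 up'
RULES_MEMBER='block drop log on em1 all'
RULES_BRIDGE='block drop log on bridge0 all'

if ! check_bridge_rules "$RULES_BRIDGE" bridge0; then
    printf 'bind the rule to a member interface instead: %s\n' \
        "$(bridge_members "$HOSTNAME_BRIDGE0" | tr '\n' ' ')"
fi
check_bridge_rules "$RULES_MEMBER" bridge0 && echo 'member-interface ruleset is fine'
```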