Hi, I'm using OpenBSD 4.5 on a machine with several ethernet interfaces. Since I have to share some cables with other users, two of the ethernet interfaces use VLANs. The VLAN IDs are fixed (by the network operators leasing the cables and lines).
Since two of those VLANs should form one net, I've set up a bridge. This works fine, and the machines on the one VLAN do see the machines on the other (bridged) VLAN on a layer 2 basis. (I.e. they can ping each other without knowing about a gateway.) Now I want to install a firewall using pf. However, surprising things occur: pings are still passing, but any TCP or UDP traffic is blocked. In order to find the matching rule, I deleted rule by rule. Now, there are no rules at all in pf.conf. I reloaded the rules with pfctl -f /etc/pf.conf and checked with pfctl -s r: pf has no rules at all. Anyway, besides ping no traffic is passing between the bridged VLANs. When I stop pf using pfctl -d, traffic is passing without problem. As soon as I restart with pfctl -e, TCP and UDP are blocked again on the bridge. Besides that, pf acts as I would assume. Any ideas? Roger.