> What's the method by which you folks filter layer 2 traffic? Some of > my methods don't scale well (static arp entries, etc) and was > curious to know if there was working being conducted in this area > for pf, or any other BSD licensed goodies. >
Pf is a layer 3 and 4 packet filter. It doesn't know anything about underlying layers. (And that is actually great!) You should look brconfig(8) for layer 2 filtering on bridge. One can tag traffic flow using brconfig(8), and then apply some pf rules using ``tagged'' keyword. > Thanks. > > - Eric > -- Mike Belopuhov
