I have problems with pf on an OpenBSD 3.3-stable Ethernet bridge. My setup:
(lan_A)-----( if_A: noIP )-|bridge|-( if_B: ip_B )----(lan_B)
IP datagram from (lan_A) to ip_B. First appearance of the IP datagram within pf is: IN if_B (!)
IP comes in an Ethernet frame with dst MAC for if_A and can only arrive on if_A due to cabling.
Why would the destination MAC be for if_A? Normal ARP should respond with if_B's MAC over the bridge.
Inside pf I can't decide if the IP datagram has arrived on if_A or if_B.
It would be great if I could write pf rules depending on the interface the IP datagrams arrive on, as MAC and IP addresses are spoofable ;)
The bridge causes an internal transit to the interface matching the destination MAC address prior to filtering and upper-layer processing. I don't know of a way around this.