sysctls and if_bridge

From: Michael Proto <mike_at_jellydonut.org>
Date: Fri, 05 Sep 2008 22:00:28 -0400
Ran into a strange problem the other day, hoping someone can shed some
light on this. Updated 8-CURRENT from 6/14 to 9/02 and noticed a strange
thing with my if_bridge interface. It appears as though the sysctls for
determining where to enable/disable filtering don't seem to be working.

My router has an IP, 1.2.3.4/24, on its vr2 interface, which is bridged
to a second vr1 interface for my 3 other static IPs.

/etc/rc.conf:
ifconfig_vr2="inet 1.2.3.4 netmask 255.255.255.0"
ifconfig_vr1="up"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm vr2 addm vr1 up"

/etc/sysctl.conf:
net.link.bridge.pfil_member=1
net.link.bridge.pfil_bridge=0

Based on what I've read from the man pages (and how it worked before),
this should enable filtering on the vr2 and vr1 interfaces, and not the
bridge0 interface. After updating to 8-CURRENT 9/02 it appears that
these sysctl settings no longer matter, and filtering is enabled on both
the bridge and member interfaces. I ultimately had to tweak my
/etc/pf.conf and set all my inbound-from-the-Internet vr2 rules to
reference bridge0 instead. Outbound rules still use vr2, and I've
flipped both sysctl settings with no change in behavior. Traffic flows
now, but it appears these sysctls are not working as they should, or I'm
really missing something.

Thanks,
Michael Proto
Received on Sat Sep 06 2008 - 00:27:17 UTC
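An added diagnostic, not code from Michael's message or from FreeBSD, that encodes the documented if_bridge(4) meaning of net.link.bridge.pfil_member and net.link.bridge.pfil_bridge and checks a pf rule set against it: every pass/block/match rule bound with "on <iface>" to an interface that pfil is not active on under the current sysctl values is reported, because such a rule can never match bridged traffic. That is the mismatch the message describes (rules on vr2 with pfil_member=1 that only took effect once moved to bridge0). The interface names, the sample rules and the warning format are assumptions; rules using "on { ... }" lists or unexpanded macros are skipped, so feed it "pfctl -s rules" output, which has macros expanded.

```shell
# Added example, not from the original message or from FreeBSD.
# Documented if_bridge(4) semantics assumed here:
#   net.link.bridge.pfil_member=1 -> pf sees bridged traffic on member ifaces
#   net.link.bridge.pfil_bridge=1 -> pf sees bridged traffic on the bridge iface
# Interface names (bridge0, vr1, vr2) and sample rules are constructed.

# filtered_ifaces MEMBER BRIDGE BRIDGENAME MEMBER_IF...
# Prints, one per line, the interfaces on which pf sees bridged traffic.
filtered_ifaces() {
    pfil_member=$1; pfil_bridge=$2; bridge=$3; shift 3
    if [ "$pfil_bridge" = 1 ]; then
        echo "$bridge"
    fi
    if [ "$pfil_member" = 1 ]; then
        for m in "$@"; do echo "$m"; done
    fi
}

# check_rules MEMBER BRIDGE BRIDGENAME MEMBER_IF... < rules
# Reads pass/block/match rules from stdin and warns about each rule whose
# "on <iface>" names an interface that is not filtered under the given
# sysctl values. Returns 0 if all rules sit on filtered interfaces, else 1.
check_rules() {
    active=$(filtered_ifaces "$@")
    status=0
    while IFS= read -r line; do
        case $line in
            pass*|block*|match*) ;;
            *) continue ;;              # comments, macros, options, tables
        esac
        # interface name after "on "; empty for "on { ... }" or "$macro"
        iface=$(printf '%s\n' "$line" | sed -n 's/.* on \([A-Za-z0-9_.]*\).*/\1/p')
        [ -z "$iface" ] && continue
        found=0
        for a in $active; do
            [ "$a" = "$iface" ] && found=1
        done
        if [ "$found" = 0 ]; then
            echo "WARN: pfil inactive on $iface, rule never matches: $line"
            status=1
        fi
    done
    return $status
}

# Live use on the router itself; skipped on hosts without pfctl.
if command -v pfctl >/dev/null 2>&1 && command -v sysctl >/dev/null 2>&1; then
    pm=$(sysctl -n net.link.bridge.pfil_member)
    pb=$(sysctl -n net.link.bridge.pfil_bridge)
    members=$(ifconfig bridge0 | awk '/member:/ {print $2}')
    pfctl -s rules | check_rules "$pm" "$pb" bridge0 $members
fi
```

With pfil_member=1 and pfil_bridge=0, as in the sysctl.conf above, a rule "pass in on bridge0 ..." is reported and rules on vr2 or vr1 pass the check; with both sysctls set to 1 nothing is reported. A clean report that still disagrees with observed traffic flow, as in the message, points at the kernel rather than at the rule set.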