Subject: Bridging and ipf
To: None <current-users@netbsd.org>
From: Dave Huang <khym@azeotrope.org>
List: current-users
Date: 08/19/2001 19:06:15

I've set up a machine with the new bridging code, and it's looking good
so far... I can't seem to get ipf to filter any packets though--does the
bridging happen before ipf gets a chance to look at packets?

I have a bridge between ne0 (LAN) and ne1 (crossover cable to DSL
modem), and the following ipf rule:

    block in on ne1 proto tcp from any to any flags S/SA

which I think should block any connections coming in from the outside
world. However, I'm still able to connect in...

So, is this supposed to work, and if so, how do I make it work? :)
-- 
Name: Dave Huang         |  Mammal, mammal / their names are called /
INet: khym@azeotrope.org |  they raise a paw / the bat, the cat /
FurryMUCK: Dahan         |  dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 25 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++