Subject: Re: transparent filtering and bridge(4)?
To: None <firstname.lastname@example.org>
From: William Waites <email@example.com>
Date: 02/12/2002 00:31:32
On Mon, Feb 11, 2002 at 10:19:13PM -0600, Paul Dokas wrote:
> Personally, I'd settle for the OpenBSD sol'n of just passing the bridged
> traffic through IPFilter. However, I think that a much better solution
> would be something like the ZPC that Jason Thorpe was once working on:
Actually, the bridge code was ported from OpenBSD -- Jason Thorpe did
most of the work. The BPF code was apparently taken out at that time,
although I'm not certain why. I don't believe it would be very difficult
to add it back in unless there's a particular reason not to. BPF in
a bridge might in any case be a compile time option in order not to
adversely affect performance.
Filtering L3 packets in L2 seems kind of dubious. Is there not another
way around the problem?