Jason R Thorpe wrote:

>
>
>	(1) You can only filter IP.  You want to be able to filter
>	    other things, like Appletalk, etc.
>
>	(2) The way IP Filter expects to have the packet means you
>	    have to do some pretty ugly packet frobbing before passing
>	    it off to the filter.
>
>	(3) If you are also using IP Filter on the host that is
>	    implementing the bridge, you can't use different rule
>	    sets for the host and the bridge.
>

Hmm, how is OpenBSD doing it?  Do they have the same problem?
But I guess they have their own funky packet filter now, so doesn't 
apply to them?

>
>#3 is really the show-stopper.
>
>I'm working on a more generic solution, but it's not as high on my
>priority list as some other things (like getting the MP support for
>the i386 merged down onto the main branch, and some customer porting
>work).
>
Thats completely understandable, MP is more important than this :-).
I'm glad that there is some sort of bridging support in NetBSD though.
I should be able to test this in a few weeks when I have more machines
available.