> I have a machine with 4 Ethernet ports.  I want to bridge ports 3 and
> 4, route between that net and the net on port 2, and NAT traffic from
> both of those to port 0's network.  In addition, I need assorted access
> controls on the traffic from the bridged net to the port 0 net.  Is it
> possible to do that with either ipfilter or pf?  (The machine currently
> runs 2.0rc5, but I'm willing to switch it to -current if that will
> help.)

From what I understand you want, this shouldn't pose much of a problem at 
all.

Use ifconfig(8) to create a bridge interface then brconfig(8) to add 3 and 
4 to it. Don't forget to bring those interfaces up (3, 4 and the bridge 
interface).

Give one of those interfaces (3 or 4) an IP on that network.

Set up the hosts on that network to route through this IP and the rest is 
all pretty elementary. Don't forget to enable IP forwarding.

You shouldn't have any issues running acls on the other ports with either 
ipf or pf. Same deal with NAT.


-- 
Best Regards,
Patrick Mackey

------------------------------------------
  /"\
  \ /        ASCII Ribbon Campaign
   X          Against HTML Mail
  / \ 
------------------------------------------