Subject: Re: problems with pf
To: None <netbsd-users@netbsd.org>
From: George Georgalis <george@galis.org>
List: netbsd-users
Date: 12/26/2005 12:58:27
On Mon, Dec 26, 2005 at 06:43:25PM +0100, Pavel Cahyna wrote:
>On Mon, Dec 26, 2005 at 12:29:28PM -0500, George Georgalis wrote:
>> Now I'm working out my first BSD bridge, and I seem to have a
>> misunderstanding of pf, in this test all traffic but dns should
>> pass through,
>> 
>> if_dmz = fpx0
>> if_net = fpx1
>> pass in  quick on $if_dmz all
>> pass out quick on $if_dmz all
>> block on $if_net proto { tcp,udp } from any to any port 53
>> 
>> but the block rule doesn't seem to stop anything... :-\
>> What's wrong here?
>
>Do you have options BRIDGE_IPF? And do you use "brconfig bridge0 ipf"?

Maybe I need to build a kernel after all? Thanks.

(BTW, I'll try the above rules w/o the quick...)

// George


-- 
George Georgalis, systems architect, administrator <IXOYE><
http://galis.org/ cell:646-331-2027 mailto:george@galis.org
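As an added illustration, not part of this thread, here is a small Python model of pf's stateless matching (the last matching rule wins, unless a matching rule is "quick", which ends evaluation), fed the three rules from the message above. It assumes the pf default of passing a packet no rule matches and ignores state, since the rules carry no "keep state"; it shows that the quick rules bound to $if_dmz never match a packet on $if_net, so with or without "quick" the block rule still wins for port 53 on fpx1, which points away from the ruleset and toward the bridge not handing packets to the filter at all.

```python
"""Toy model of pf rule evaluation: rules are checked in order, the last
matching rule decides, and a matching 'quick' rule stops evaluation early."""
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Rule:
    action: str                  # "pass" or "block"
    iface: str                   # interface the rule is bound to ("on ...")
    direction: str = "any"       # "in", "out", or "any" (no direction given)
    protos: Tuple[str, ...] = () # empty tuple matches every protocol
    dport: Optional[int] = None  # None matches every destination port
    quick: bool = False

@dataclass
class Packet:
    iface: str      # interface the packet is seen on
    direction: str  # "in" or "out" relative to that interface
    proto: str
    dport: int

def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.iface == pkt.iface
            and rule.direction in ("any", pkt.direction)
            and (not rule.protos or pkt.proto in rule.protos)
            and (rule.dport is None or rule.dport == pkt.dport))

def evaluate(rules, pkt: Packet, default: str = "pass") -> str:
    """Return the action pf would take for pkt (stateless evaluation)."""
    verdict = default
    for rule in rules:
        if matches(rule, pkt):
            verdict = rule.action
            if rule.quick:      # 'quick' ends evaluation at this rule
                break
    return verdict

# Macros from the posted pf.conf; hypothetical interface names as in the mail.
IF_DMZ, IF_NET = "fpx0", "fpx1"

def ruleset(quick: bool):
    """The three posted rules, with 'quick' kept (True) or dropped (False)."""
    return [
        Rule("pass", IF_DMZ, "in", quick=quick),
        Rule("pass", IF_DMZ, "out", quick=quick),
        Rule("block", IF_NET, protos=("tcp", "udp"), dport=53),
    ]

if __name__ == "__main__":
    for q in (True, False):
        print("quick" if q else "no quick",
              evaluate(ruleset(q), Packet(IF_NET, "out", "udp", 53)))  # block
```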