Subject: Re: problems with pf
To: None <netbsd-users@netbsd.org>
From: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
List: netbsd-users
Date: 12/26/2005 19:02:23

On Mon, Dec 26, 2005 at 12:58:27PM -0500, George Georgalis wrote:
> On Mon, Dec 26, 2005 at 06:43:25PM +0100, Pavel Cahyna wrote:
> >On Mon, Dec 26, 2005 at 12:29:28PM -0500, George Georgalis wrote:
> >> Now I'm working out my first BSD bridge, and I seem to have a
> >> misunderstanding of pf, in this test all traffic but dns should
> >> pass through,
> >> 
> >> if_dmz = fpx0
> >> if_net = fpx1
> >> pass in  quick on $if_dmz all
> >> pass out quick on $if_dmz all
> >> block on $if_net proto { tcp,udp } from any to any port 53
> >> 
> >> but the block rule doesn't seem to stop anything... :-\
> >> What's wrong here?
> >
> >Do you have options BRIDGE_IPF? And do you use "brconfig bridge0 ipf"?
> 
> Maybe I need to build a kernel after all? Thanks.

Please report what you find; I'm curious if BRIDGE_IPF works with pf (it
should, but I think it was tested only with IPF).

Pavel Cahyna