Please carbon copy me on replies.

Peter Postma and I are working on two different documentations briefly 
documenting bridging with PF.[1]

The brconfig command for enabling support for PF is called "ipf". I was 
thinking it could be updated to allow "pf" too.

Peter said I could post the following to the list:

> I think that the argument should be "pfil" and "-pfil" because what really
> happens is enabling and disabling pfil(9) on the bridge.
> 
> The description will then look like:
> 
>   pfil		Enable packet filtering with pfil(9) on the bridge.
> 		The current implementation passes all ARP and RARP packets
> 		through the bridge while filtering IP and ICMP packets through
> 		the configured packet filter.
> 
>   -pfil		Disable packet filtering with pfil(9) on the bridge
> 		(the default).
> 
> But of course we should still accept "ipf" and "-ipf" for backwards
> compatibility.
> 
> We should also rename the option "BRIDGE_IPF" to "BRIDGE_PFIL" or
> "PFIL_BRIDGE". Or we might even get rid of this option completely (default
> is disabled).

Also, related change might be renaming IFBF_FILT_USEIPF, but this seems 
okay as it is. My main concern was in the man page.

And now I see GENERIC kernel configuration comment could be improved and 
brconfig has at least two possible outputs showing "ipfilter" (for status 
or -a output). Maybe these could be more generic (not ipfilter specific).

Would adding "pfil" as a command option for brconfig be okay?

Any comments about this?

I can make the changes and test and submit patches here for review.

Please carbon copy me on replies.

 Jeremy C. Reed

 	  	 	 Media Relations and Publishing Services
	  	 	 http://www.reedmedia.net/

[1] If you'd be interested in reviewing the docs, let me know.