Subject: Re: brconfig and "ipf" to use "pfil" also
To: None <pavel.cahyna@st.mff.cuni.cz, tech-kern@netbsd.org,>
From: George Georgalis <george@galis.org>
List: tech-kern
Date: 01/11/2006 22:02:57

On Thu, Jan 12, 2006 at 02:11:10AM +0100, Pavel Cahyna wrote:
>On Wed, Jan 11, 2006 at 02:34:34PM -0800, Jeremy C. Reed wrote:
>> Please carbon copy me on replies.
>>
>> Peter Postma and I are working on two different documentations briefly
>> documenting bridging with PF.[1]
>>
>> The brconfig command for enabling support for PF is called "ipf". I was
>> thinking it could be updated to allow "pf" too.
>>
>> Peter said I could post the following to the list:
>>
>> > I think that the argument should be "pfil" and "-pfil" because what really
>> > happens is enabling and disabling pfil(9) on the bridge.
>> >
>> > The description will then look like:
>> >
>> > pfil Enable packet filtering with pfil(9) on the bridge.
>> > The current implementation passes all ARP and RARP packets
>> > through the bridge while filtering IP and ICMP packets through
>> > the configured packet filter.
>
>I would say instead:
>
>through the bridge while filtering IP and IPv6 packets through
>the configured packet filter, such as pf(4) or ipf(4). Other packet types
>are blocked.

or...

pfil    Enable pfil(9) packet filtering on the bridge. The current
        implementation filters IP and ICMP packets across the bridge
        with the configured packet filter, pf(4) or ipf(4); while ARP
        and RARP packets are passed, unfiltered, through the bridge.

// George
--
George Georgalis, systems architect, administrator <IXOYE><
http://galis.org/ cell:646-331-2027 mailto:george@galis.org