Subject: Re: brconfig and "ipf" to use "pfil" also
To: None <tech-kern@netbsd.org>
From: George Georgalis <george@galis.org>
List: tech-kern
Date: 01/12/2006 10:20:05

On Thu, Jan 12, 2006 at 10:44:16AM +0100, Pavel Cahyna wrote:
>On Wed, Jan 11, 2006 at 10:02:57PM -0500, George Georgalis wrote:
>> On Thu, Jan 12, 2006 at 02:11:10AM +0100, Pavel Cahyna wrote:
>> >On Wed, Jan 11, 2006 at 02:34:34PM -0800, Jeremy C. Reed wrote:
>> >> > The description will then look like:
>> >> > 
>> >> >   pfil		Enable packet filtering with pfil(9) on the bridge.
>> >> > 		The current implementation passes all ARP and RARP packets
>> >> > 		through the bridge while filtering IP and ICMP packets through
>> >> > 		the configured packet filter.
>> >
>> >I would say instead:
>> >
>> >through the bridge while filtering IP and IPv6 packets through
>> >the configured packet filter, such as pf(4) or ipf(4). Other packet types
>> >are blocked.
>> 
>> or...
>> 
>>   pfil     Enable pfil(9) packet filtering on the bridge.  The current
>>            implementation filters IP and ICMP packets across the bridge
>>            with the configured packet filter, pf(4) or ipf(4); while ARP
>>            and RARP packets are passed, unfiltered, through the bridge.
>
>This fails to mention IPv6 and does not tell explicitly that other
>non-IP, non-(R)ARP packets are blocked. Also, the configured packet filter
>may be something else than pf or ipf, contrary to what your formulation
>implies. (True, there is no other packet filter available, but if you
>write a custom one, it should Just Work.)

I just forgot "other types" and I don't know what happens with IPv6..

 pfil   Enable pfil(9) packet filtering on the bridge.  The current
        implementation filters IP and ICMP packets through the bridge
        with the configured packet filter: pf(4), ipf(4) or your own;
        other non-IP, non-(R)ARP packets are blocked, while ARP and RARP
        packets are passed, unfiltered, through the bridge.

// George


-- 
George Georgalis, systems architect, administrator <IXOYE><
http://galis.org/ cell:646-331-2027 mailto:george@galis.org