Subject: Re: bridging firewall - status?
To: Pelle Johansson <morth@morth.org>
From: MLH <mlh@goathill.org>
List: tech-net
Date: 09/06/2004 15:35:57
> 
> MLH wrote / skrev:
> 
> > Just creating the bridge results in blocking (at least) tcp packets.
> 
> Perhaps a dumb question but are you defaulting to deny for tcp?
> You probably have to create rules for the bridge interface as well in 
> that case.

Perhaps a dumb answer, but how would one do that outside of ipfilter?
And why would it work for only certain NICs?

If you mean does one have to create ipf rules for the bridge
interface, then no, you can only specify ipf interface rules using
a network interface and not a bridge interface.