On Thu, 29 May 2003, Richard Rauch wrote:

> I was reading options(4) on -current today and saw something that I
> don't remember hearing about: Bridge and packet filtering.
>
> My understanding was that the bridge (in releases) does not support
> filtering.
>
> If I read the -current man page correctly and understand the purpose of
> bridge, does this mean that it is possible in -current to install a
> firewall that does not consume any IP addresses?

Correct. I know the man page for brconfig mentions ipfilter support,
but it wont work unless you have a kernel compiled with "option
BRIDGE_IPF".

In fact, thats what I have running in front of my machines at home now. my
dsl modem plugs into tlp0 which bridges with tlp1 which plugs into an 8
port switch for my home lan.

Ron