PF on a bridge

To: netbsd-users%netbsd.org@localhost
Subject: PF on a bridge
From: Rich Wales <richw%richw.org@localhost>
Date: Sun, 17 Feb 2008 22:59:39 -0800

Can anyone direct me to a good, COMPREHENSIVE description of how to use
PF on a bridge in NetBSD?

I'm running NetBSD 4.0, using a custom kernel with the following extra
items enabled:  "pf" and "pflog" pseudo-devices; the BRIDGE_IPF option;
and all the ALTQ options.  PF basically appears to work on this box.

I have a transparent bridge configured (with no IP address assigned on
either NIC).  The bridge does pass traffic, and some PF rules work fine
on the bridge, but others simply do not match packets (even though they
should as far as I can imagine).

I've searched the net, but the descriptions of bridges with PF seem
very rudimentary and have not really been all that helpful to me.  I
think I'm doing what these writeups describe, but something is still
not working right, and I need a lot more detail.

So . . . .  Does anyone know of a REALLY good description of bridge
filtering via PF?

By any chance, could the problem be that I'm using the wrong OS?  Does
the proper operation of PF on bridges depend on a newer version of PF
than the one in the 4.0 release of NetBSD?  If I need to switch to
OpenBSD, for example, in order to get a better version of PF, I'll do
that if I have to -- but I'd rather not go to the trouble of doing that
UNLESS there are specific recent improvements in OpenBSD's PF that are
definitely, explicitly known to fix or improve bridge filtering.

--
Rich Wales      ===      Palo Alto, CA, USA      ===     
richw%richw.org@localhost
http://www.richw.org   ===   http://en.wikipedia.org/wiki/User:Richwales

Prev by Date: Re: Change MAC address in 4.0?
Next by Date: Re: Change MAC address in 4.0?
Previous by Thread: NetBSD 4.0 pckbd console on PCEngines ALIX.1C
Next by Thread: Are you working on your Summer of Code application already?
Indexes:

Home | Main Index | Thread Index | Old Index