In message <v6emtngg19.fsf@kechara.lh.vix.com>  Michael Graff wrote:
> Stefan Grefen <grefen@hprc.tandem.com> writes:
> 
> > Hmm man 5 ipf says there is the "to" keyword which allows you to switch
> > packets directly to an interface bypassing the routing code.
> > (this -current )
> > 
> > This should do the trick for IP-based protocols. 
> 
> Except that the NetBSD machine won't usually get the packets unless you
> also fake ARP requests.  And now you're not a bridge, or at least not
> a transparent one.

In this case the machine is can be an IP-router and bridge for non ip stuff.
The non-ip packets you get with bpf and promiscous mode.
BTW I wouldn't bridge arp anyway if I had configure a firewall ...

Stefan


> 
> --Michael

--
Stefan Grefen                                Tandem Computers Europe Inc.
grefen@hprc.tandem.com                       High Performance Research Center
 --- Hacking's just another word for nothing left to kludge. ---