Subject: Re: IPF on bridge, backport to 1.6 (Was Re: Replacing oddly networked
To: Pavel Cahyna <pavel.cahyna@st.ms.mff.cuni.cz>
From: Stephen Borrill <netbsd@precedence.co.uk>
List: tech-net
Date: 02/22/2003 14:25:44
On Tue, 18 Feb 2003, Pavel Cahyna wrote:
> > Looks like I asked at the right time then!
> > 
> > Now, what's people feeling about how easy it will be to manually pull
> > these changes into 1.6?
> 
> OK. Here are (hopefully) detailed instructions on backporting it to
> 1.6.
> ### Procedure for backporting the firewall on bridge(4) to NetBSD 1.6 .
> ### supposes you have kernel sources in /usr/src/sys .
[snip]

Pavel, thanks very much. That worked absolutely perfectly and without any
of that tedious renumbering of machines over which I had no control. ;-)

To summarize, the NetBSD box now sits with two interfaces; one connected
to the router and one connected to the inside network. The two interfaces
are bridged, but firewalled so that no traffic from inside can go outside
(and vice versa) unless explicitly allowed. No machines needed
reconfiguring, I'm happy and the customer is _extremely_ happy. Another
win for NetBSD.

Thanks to everyone,

-- 
Stephen
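For readers who want to picture the setup Stephen summarizes above (two interfaces joined by a bridge, with IP Filter dropping everything that crosses it unless a rule allows it), here is an illustrative configuration. It is an added example, not Pavel's backport instructions and not the configuration actually deployed: the interface names ex0/ex1, the inside network 192.0.2.0/24 and the host 192.0.2.10 are constructed placeholders, and the two file layouts follow the NetBSD bridge(4) and ipf.conf(5) conventions.

```conf
# /etc/ifconfig.bridge0  (assumed file; NetBSD starts the bridge from it at boot)
# "create" makes the bridge; the "!" line runs brconfig once the interface exists.
# ex0 faces the router, ex1 faces the inside network (both are assumptions).
create
!brconfig $int add ex0 add ex1 up

# /etc/ipf.conf  (assumed ruleset; on a bridge, rules name the member interfaces)
# Default deny in both directions, so nothing crosses the bridge by accident.
# Logging the dropped inbound traffic gives a detection feed for free.
block in log all
block out all

# Inside -> outside: hosts on the inside network may initiate TCP, UDP and ICMP.
# Each flow is passed on the interface it enters (ex1) and the one it leaves (ex0);
# "keep state" lets the replies back through without their own rules.
pass in  quick on ex1 proto tcp  from 192.0.2.0/24 to any flags S keep state
pass out quick on ex0 proto tcp  from 192.0.2.0/24 to any flags S keep state
pass in  quick on ex1 proto udp  from 192.0.2.0/24 to any keep state
pass out quick on ex0 proto udp  from 192.0.2.0/24 to any keep state
pass in  quick on ex1 proto icmp from 192.0.2.0/24 to any keep state
pass out quick on ex0 proto icmp from 192.0.2.0/24 to any keep state

# Outside -> inside: the only explicitly allowed service, a web server at 192.0.2.10
# (constructed address). Everything else from the router side hits "block in log all".
pass in  quick on ex0 proto tcp from any to 192.0.2.10 port = 80 flags S keep state
pass out quick on ex1 proto tcp from any to 192.0.2.10 port = 80 flags S keep state
```

Because the box bridges rather than routes, the inside machines keep their existing addresses and default gateway, which is exactly why no renumbering was needed; the filter simply sits in the path between the two segments. After editing the ruleset, `ipf -Fa -f /etc/ipf.conf` reloads it, and `ipmon` or `ipfstat -hio` shows which rules are being hit.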