docs/96127: add hint to pass arp packets through filtering bridge to advanced-networking doc
Toni Schmidbauer
freebsd at stderror.at
Fri Apr 21 08:40:33 UTC 2006
>Number: 96127
>Category: docs
>Synopsis: add hint to pass arp packets through filtering bridge to advanced-networking doc
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Apr 21 08:40:12 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Toni Schmidbauer
>Release: FreeBSD 6.0-STABLE i386
>Organization:
stderror.at
>Environment:
System: FreeBSD skunk.user.lan.at 6.0-STABLE FreeBSD 6.0-STABLE #0: Thu Nov 10 20:29:49 CET 2005 root at skunk.user.lan.at:/usr/obj/usr/src/sys/alpha i386
>Description:
Currently it is stated in the advanced networking section in
the handbook to add IPFIREWALL_DEFAULT_TO_ACCEPT to allow ARP through a
filtering bridge. This is not false, but there's a better way
to do it.
>How-To-Repeat:
>Fix:
diff -u handbook/advanced-networking/chapter.sgml.orig handbook/advanced-networking/chapter.sgml
--- handbook/advanced-networking/chapter.sgml.orig Fri Apr 21 09:31:35 2006
+++ handbook/advanced-networking/chapter.sgml Fri Apr 21 09:41:11 2006
@@ -1919,6 +1919,14 @@
changes the default rule for the firewall to accept any packet.
Make sure you know how this changes the meaning of your ruleset
before you set it.</para>
+
+ <para>One other way to allow only arp packets through a filtering bridge,
+ is to add the following firewall rule:
+
+ <programlisting>ipfw add allow mac-type arp layer2<programmlisting>
+
+ so you do not have to set <literal>IPFIREWALL_DEFAULT_TO_ACCEPT</literal>.
+ <para>
</sect3>
<sect3>
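Review bot: the added markup is not well-formed and will break the SGML build. The listing is closed with `<programmlisting>` (misspelled, and an opening tag), where `</programlisting>` is needed, and the paragraph ends with `<para>` instead of `</para>`. Because the sentence continues after the listing ("so you do not have to set ..."), consider ending the first paragraph before the `<programlisting>` and putting the trailing clause in its own `<para>`, or rewording so the listing comes last. "arp" should also be written "ARP" to match the rest of the chapter, and the comma after "filtering bridge" can be dropped.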
>Release-Note:
>Audit-Trail:
>Unformatted: