Bridge and PF
Rod
rod at supanet.net.uk
Fri Aug 12 16:15:40 GMT 2005
Unfortunately can't use a beta in the current environment and require
stateful filtering, on this occasion looks like we will be using
OpenBSD, but looking forward to FreeBSD6.0 Release.
On Fri, 2005-08-12 at 16:51, Max Laier wrote:
> On Friday 12 August 2005 17:45, Rod wrote:
> > Found my answer :
> >
> > http://lists.freebsd.org/mailman/htdig/freebsd-pf/2005-April/000984.html
> >
> > >FreeBSD has no support for pf in its bridge code.
> > >Neither has it IPv6 support.
>
> This is not true. As Scott suggested try if_bridge in 6.0 which has both IPv6
> and full pf support. Additionally, pf is supported by the old bridge just
> use the same settings you would use for ipf. The old bridge does not allow
> for stateful filtering however. The same is true for ipf and ipfw with the
> old bridge code.
>
> > On Fri, 2005-08-12 at 16:02, Rod wrote:
> > > Hi,
> > >
> > > Does anyone know if their is a setting similar to that of ipf and ipfw
> > > for setting bridged devices to use a firewall in sysctl e.g.
> > >
> > > for ipfw:
> > >
> > > net.link.ether.bridge.ipfw=1
> > >
> > > for ipf
> > >
> > > net.link.ether.bridge.ipfw=1
> > >
> > > Guessed at net.link.ether.bridge.pf=1 but no such luck. Is this at all
> > > possible with PF on freebsd?
> > >
> > > kind regards
> > >
> > > Rod
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20050812/6bac1f7c/attachment.bin
More information about the freebsd-pf
mailing list