Allow additional packet filtering on the physical interface for locally

destined packets, disabled by default. PR: kern/116051 Submitted by: Eygene Ryabinkin Approved by: re (bmah) MFC after: 2 weeks
author: thompsa <thompsa@FreeBSD.org> 2007-09-16 21:09:15 +0000
committer: thompsa <thompsa@FreeBSD.org> 2007-09-16 21:09:15 +0000
commit: 1498d5a44d5bf57a91f76520cd6dc26d0a2dc269 (patch)
tree: 88fb02daca4e1b5da69c8211cb48c382b00c2bd1 /share/man/man4/if_bridge.4
parent: ad840660932b3ea60a4a7a995abe548ca1df57d0 (diff)
download: FreeBSD-src-1498d5a44d5bf57a91f76520cd6dc26d0a2dc269.zip
FreeBSD-src-1498d5a44d5bf57a91f76520cd6dc26d0a2dc269.tar.gz
1 files changed, 10 insertions, 1 deletions
diff --git a/share/man/man4/if_bridge.4 b/share/man/man4/if_bridge.4
index 6daf89c..8fdc09b 100644
--- a/share/man/man4/if_bridge.4
+++ b/share/man/man4/if_bridge.4
@@ -185,6 +185,13 @@ to enable filtering on the bridge interface, set
 to
 .Li 0
 to disable it.
+.It Va net.link.bridge.pfil_local_phys
+Set to
+.Li 1
+to additionally filter on the physical interface for locally destined packets.
+Set to
+.Li 0
+to disable this feature.
 .It Va net.link.bridge.ipfw
 Set to
 .Li 1
@@ -310,7 +317,9 @@ that are doing IP-forwarding; in some of such cases it is better
 to assign the IP address only to the
 .Nm
 interface and not to the bridge members.
-But your mileage may vary.
+Enabling
+.Va net.link.bridge.pfil_local_phys
+will let you do the additional filtering on the physical interface.
 .Sh EXAMPLES
 The following when placed in the file
 .Pa /etc/rc.conf
author	thompsa <thompsa@FreeBSD.org>	2007-09-16 21:09:15 +0000
committer	thompsa <thompsa@FreeBSD.org>	2007-09-16 21:09:15 +0000
commit	1498d5a44d5bf57a91f76520cd6dc26d0a2dc269 (patch)
tree	88fb02daca4e1b5da69c8211cb48c382b00c2bd1 /share/man/man4/if_bridge.4
parent	ad840660932b3ea60a4a7a995abe548ca1df57d0 (diff)
download	FreeBSD-src-1498d5a44d5bf57a91f76520cd6dc26d0a2dc269.zip FreeBSD-src-1498d5a44d5bf57a91f76520cd6dc26d0a2dc269.tar.gz