When pfil(9) is enabled the bridge only considers ETHERTYPE_ARP, ETHERTYPE_IP and

ETHERTYPE_IPV6 frames. Change this to be a sysctl knob so that is able to still bridge non-IP packets if desired. Also return early if all pfil_* sysctls are turned off, the user obviously does not want to filter on the bridge.
author: thompsa <thompsa@FreeBSD.org> 2005-12-29 09:39:15 +0000
committer: thompsa <thompsa@FreeBSD.org> 2005-12-29 09:39:15 +0000
commit: 09f2498e57220d9c00512076352be6921f59539f (patch)
tree: f0bd6f09009d2c92b5cc7c33b5a3e5173720f1e2 /share
parent: 14470d19cdb056fa04457586456f3f82d6e093b9 (diff)
download: FreeBSD-src-09f2498e57220d9c00512076352be6921f59539f.zip
FreeBSD-src-09f2498e57220d9c00512076352be6921f59539f.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/share/man/man4/if_bridge.4 b/share/man/man4/if_bridge.4
index 66ca881..09425f8 100644
--- a/share/man/man4/if_bridge.4
+++ b/share/man/man4/if_bridge.4
@@ -88,7 +88,14 @@ inbound on the originating interface, on the bridge interface and outbound on
 the appropriate interfaces.
 Either stage can be disabled, this behaviour can be controlled using
 .Xr sysctl 8 :
-.Bl -tag -width ".Va net.link.bridge.pfil_member"
+.Bl -tag -width ".Va net.link.bridge.pfil_onlyip"
+.It Va net.link.bridge.pfil_onlyip
+Set to
+.Li 1
+to only allow IP packets to pass when packet filtering is enabled (subject to
+firewall rules), set to
+.Li 0
+to unconditionally pass all non-IP Ethernet frames.
 .It Va net.link.bridge.pfil_member
 Set to
 .Li 1
author	thompsa <thompsa@FreeBSD.org>	2005-12-29 09:39:15 +0000
committer	thompsa <thompsa@FreeBSD.org>	2005-12-29 09:39:15 +0000
commit	09f2498e57220d9c00512076352be6921f59539f (patch)
tree	f0bd6f09009d2c92b5cc7c33b5a3e5173720f1e2 /share
parent	14470d19cdb056fa04457586456f3f82d6e093b9 (diff)
download	FreeBSD-src-09f2498e57220d9c00512076352be6921f59539f.zip FreeBSD-src-09f2498e57220d9c00512076352be6921f59539f.tar.gz