diff options
author | thompsa <thompsa@FreeBSD.org> | 2007-08-01 00:33:52 +0000 |
---|---|---|
committer | thompsa <thompsa@FreeBSD.org> | 2007-08-01 00:33:52 +0000 |
commit | aa0911f2041ef5f70ebe1165b72029c30c030427 (patch) | |
tree | 5374e51582956994e2fe77a4be88a5b6059ab5f0 /sys/net/if_bridgevar.h | |
parent | 465b2caeed873f769899aeb76aedc4d62b20a72e (diff) | |
download | FreeBSD-src-aa0911f2041ef5f70ebe1165b72029c30c030427.zip FreeBSD-src-aa0911f2041ef5f70ebe1165b72029c30c030427.tar.gz |
Add a bridge interface flag called PRIVATE where any private port can not
communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the
same way as using firewall rules but scales better and is generally easier as
firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans
bridged with a server network. All the vlans are marked private, they can all
communicate with the server network unhindered, but can not exchange any
traffic whatsoever with each other.
Approved by: re (rwatson)
Diffstat (limited to 'sys/net/if_bridgevar.h')
-rw-r--r-- | sys/net/if_bridgevar.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/net/if_bridgevar.h b/sys/net/if_bridgevar.h index 8097cd9..ddd8ce7 100644 --- a/sys/net/if_bridgevar.h +++ b/sys/net/if_bridgevar.h @@ -142,9 +142,11 @@ struct ifbreq { #define IFBIF_BSTP_AUTOPTP 0x0100 /* member stp autoptp enabled */ #define IFBIF_BSTP_ADMEDGE 0x0200 /* member stp admin edge enabled */ #define IFBIF_BSTP_ADMCOST 0x0400 /* member stp admin path cost */ +#define IFBIF_PRIVATE 0x0800 /* if is a private segment */ #define IFBIFBITS "\020\001LEARNING\002DISCOVER\003STP\004SPAN" \ - "\005STICKY\006EDGE\007AUTOEDGE\010PTP\011AUTOPTP" + "\005STICKY\014PRIVATE\006EDGE\007AUTOEDGE\010PTP" \ + "\011AUTOPTP" #define IFBIFMASK ~(IFBIF_BSTP_EDGE|IFBIF_BSTP_AUTOEDGE|IFBIF_BSTP_PTP| \ IFBIF_BSTP_AUTOPTP|IFBIF_BSTP_ADMEDGE| \ IFBIF_BSTP_ADMCOST) /* not saved */ |