From 09f2498e57220d9c00512076352be6921f59539f Mon Sep 17 00:00:00 2001 From: thompsa Date: Thu, 29 Dec 2005 09:39:15 +0000 Subject: When pfil(9) is enabled the bridge only considers ETHERTYPE_ARP, ETHERTYPE_IP and ETHERTYPE_IPV6 frames. Change this to be a sysctl knob so that is able to still bridge non-IP packets if desired. Also return early if all pfil_* sysctls are turned off, the user obviously does not want to filter on the bridge. --- share/man/man4/if_bridge.4 | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'share') diff --git a/share/man/man4/if_bridge.4 b/share/man/man4/if_bridge.4 index 66ca881..09425f8 100644 --- a/share/man/man4/if_bridge.4 +++ b/share/man/man4/if_bridge.4 @@ -88,7 +88,14 @@ inbound on the originating interface, on the bridge interface and outbound on the appropriate interfaces. Either stage can be disabled, this behaviour can be controlled using .Xr sysctl 8 : -.Bl -tag -width ".Va net.link.bridge.pfil_member" +.Bl -tag -width ".Va net.link.bridge.pfil_onlyip" +.It Va net.link.bridge.pfil_onlyip +Set to +.Li 1 +to only allow IP packets to pass when packet filtering is enabled (subject to +firewall rules), set to +.Li 0 +to unconditionally pass all non-IP Ethernet frames. .It Va net.link.bridge.pfil_member Set to .Li 1 -- cgit v1.1
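Review bot: In the new net.link.bridge.pfil_onlyip entry, "only allow IP packets to pass" does not match the commit message, which says the bridge considers ETHERTYPE_ARP, ETHERTYPE_IP and ETHERTYPE_IPV6 frames. Name ARP and IPv6 explicitly so an administrator does not conclude that ARP is dropped when the knob is 1. The entry also gives no default value, and the 0 case should say plainly that non-IP frames then cross the bridge without being presented to the packet filter, since that is the consequence someone hardening a filtering bridge needs to find here. The list is introduced by "Either stage can be disabled", but pfil_onlyip is not a stage; placing it after the stage knobs such as pfil_member, or adjusting the introductory sentence, would keep the text coherent. The early return when all pfil_* sysctls are off is described in the commit message but not documented in this section. Finally, the diffstat's 8 insertions and 1 deletion are all accounted for by this hunk, so the page's .Dd date was not updated for the content change.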