On Thu, Dec 21, 2000 at 12:23:33PM +0100, Mipam wrote:

 > > Can I use IPfilter  in NEtBSD filtering packets between the 2  bridged
 > > interfaces?
 > 
 > If bridging would be implemented it would be possible.

Using IP Filter to filter at the bridge layer is Wrong.  Yes, I know
some other OSs do it, but that doesn't make it right.

That is not to say that filtering at the bridge layer is not a good thing.
I agree that it is, and I have several applications for it, myself.  This
is why I've set forth on implementing a new packet classification/filtering
package that handles things like bridges (and any other type of network
interface) in a sane way.

-- 
        -- Jason R. Thorpe <thorpej@zembu.com>