/freebsd/sbin/ifconfig/ |
H A D | ifbridge.c | 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson)
|
H A D | ifconfig.8 | 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson)
|
/freebsd/sys/net/ |
H A D | if_bridgevar.h | 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson)
|
H A D | if_bridge.c | 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson) 85ce7297 Wed Aug 01 00:33:52 GMT 2007 Andrew Thompson <thompsa@FreeBSD.org> Add a bridge interface flag called PRIVATE where any private port can not communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
Approved by: re (rwatson)
|