This diff enables the possibility of using a mask on bridge rules. I have tested it like this:

$ cat /etc/hostname.bridge0
up add re0 add vether0
rule pass out on vether0 src 78:2b:4f:00:00:00 mask ff:ff:ff:00:00:00 tag booz
rule block out on vether0 src 78:2b:00:00:00:00 mask ff:ff:00:00:00:00
$ cat /etc/hostname.vether0
inet 172.16.0.2 255.255.0.0
$ cat /etc/hostname.re0
inet 10.15.0.3 255.255.0.0

Then from a machine on the 10.15/24 network I add an alias to access 172.16/24 through bridge0.
Blocking and tagging are OK.

Unexpected result:
- block on re0 just blocks everything, not just the bridging (forwarding to vether)
- this is not dynamic (after a flushrule I cannot block - this is not related to the patch)

--
()  ascii ribbon campaign - against html e-mail
/\

[demime 1.01d removed an attachment of type application/octet-stream which had a name of mac-filter.diff]