Bridged IPF Config Example
Kyle Amon,  Page 13
/etc/bridgename.bridge0

  # Configure an ethernet or encapsulation interface (enc(4))
  # bridge(4) via brconfig(8) and bridgename.if(5).  See these
  # man pages for additional information.
  #
  # Before forwarding a frame, the bridge checks to see if the packet
  # contains an ip(4) datagram; if so, the datagram is run through
  # the ipf(4) interface so it can be filtered.
  #
  # Interfaces
  #
  add rl1         # Internal
  add rl0         # External
  #
  # Static addresses
  #
  static rl0 8:0:20:1e:2f:2b    # Add external next-hop
  #
  # Lock down external interface
  #
  -learn rl0      # Don't learn source addresses
  -discover rl0   # No (non-broadcast/multicast) packets to unknown addreses
  blocknonip rl0  # Disallow non-IPv4/IPv6/ARP/RARP packets
  #
  # Disallow multicast traffic
  #
  link0           # Don't forward non-IP multicast packets
  link1           # Don't forward IP multicast packets
  #
  # Get MAC address filtering rules
  #
  rulefile /etc/bridge0.rules
  #
  # Bring up the bridge
  #
  up