Runtime operation of the bridge is controlled by several sysctl(8) variables, as follows.
Set to 1 to enable bridging, set to 0 to disable it.
Set to 1 to enable ipfw(8) processing of bridged packets. Note that ipfw(8) rules only apply to IP packets. Non-IP packets are accepted by default. See the BUGS section and the ipfw(8) manpage for more details on the interaction of bridging and the firewall.
Set to 1 to enable ipf(8) processing of bridged packets. Note that ipf(8) rules only apply to IP packets. Non-IP packets are accepted by default.
Set to the list of interfaces to bridge. Interfaces are separated by spaces, commas or tabs. Each interface can be optionally followed by a colon and an integer indicating the cluster it belongs to (defaults to 1 if the cluster-ID is missing), e.g. ""dc0:1,dc1,vlan0:3 dc2:3"" will put dc0 and dc1 in cluster number 1, and vlan0 and dc2 in cluster number 3. See the EXAMPLES section for more examples.
The list of interfaces is rescanned every time the list is modified, bridging is enabled, or new interfaces are created or destroyed. An explicit request to refresh the bridge configuration can also be done by writing any value to net.link.ether.bridge.refresh. Interfaces that are in the list but cannot be used for bridging (because they are non-existing, or not Ethernet or VLAN) are not used and a warning message is generated.
Bridging requires interfaces to be put in promiscuous mode, and transmit packets with Ethernet source addresses different than their own. Some interfaces (e.g. wi(4)) do not support this functionality. Also, bridging is not compatible with interfaces which use hardware loopback, because there is no way to tell locally generated packets from externally generated ones.