I have a tinc network between two LANs on the same subnet.
Both tinc "gateway" machines run NetBSD and use npf. Both have a tap0 from tinc, bridged to their LANs with bridge0. Both are also DHCP servers for their respective LANs.
I cannot seem to block DHCP requests from going through the tinc network. Both DHCP servers see all machines on both LANs.
tinc is configured with "Forwarding = kernel" on both ends. I thought that I could block bootpc and bootps on bridge0 since both bridges have packet filtering enabled. I have it blocked for bridge0 and tap0 on both machines, but DHCP requests still show up on the LAN from the opposite LAN. That is, requests from LAN A show up on awge0 of LAN B's gateway machine, and requests from LAN B show up on re0 of LAN A's gateway machine.
What am I missing?