problems with CP MAC pass-through
There are issues with the MAC pass-through, replicable in the following scenarios (use the attached config as a starting point for these specific examples).
First just load the config and look at the ipfw rule numbers, I'm not sure what the intention is (supposed to be one rule number per host or two?), but the first MAC in the list has rules 2 and 3, but the next MAC has rules 3 and 4. This leads to a mess when you delete one as it removes wrong things.
Then delete, for example, the "test 3" MAC pass-through. It removes it, but hoses two other entries by removing one of their directions, it appears because of the overlapping rule numbers.