Should we use filtered and unfiltered, or some other descriptive title? Using legacy as a name instead of an adjective gets a bit confusing, and doesn't age well if it's still around when a third idea comes out.

Should we use RFC style language to improve semantic density?

Does it make sense to put numbered examples in an EXAMPLES section?

Putting macros in titles is discouraged per mdoc(7)

i'm open to other names for the "legacy" bridge configuration, but i'm not sure "unfiltered" really works: an "unfiltered bridge" is not a thing anyone knows about, so it's not very descriptive. "legacy" at least implies "this is the old way of doing it".

i would be open to something like "basic bridge" and "VLAN filtering bridge", except i don't really like "basic bridge", but perhaps there's another word we could use here?

unless we use that language in other manual pages (which i don't think we do?) i don't think that is more clear.

i thought about this and i really prefer having examples inline here, rather than referring to the EXAMPLES section, because it makes it easier for the reader to understand what's going on. trying to explain the configuration without being able to show actual ifconfig commands is quite difficult and ends up being more verbose and less explanatory, at least in my experience. but i'm open to other ways of doing this if you have a better suggestion.

noted, but then what is the preferred formatting here?

note to self: typo, "a separate STP instances"

I do not have any alternative names to propose but I think almost anything is better than legacy almost all the time.

Consider using an appositive instead of nested parentheticals. I think appositives always read more clearly than parentheticals, and especially nested parentheticals.

Titles shouldn't have cross-references. I'm not sure I understand this clearly, maybe not because of your writing but just because I'm not a network engineer, but maybe something like "Configuring VLAN-aware bridges" or
"Understanding bridge VLAN capture"?

Also consider using an appositive.

Almost all of this is well over my head except DMZ. Afaik DMZ is the first thing they teach you about networking.

since we never use the acronym again i've just removed it, and we can also remove "sometimes called" since this term comes from 802.1Q, so it's always called that.

this section is about a specific interaction between bridge(4) and vlan(4) in FreeBSD, not about VLANs in general, so i think that should be reflected in the title. i've changed it to use "if_bridge and if_vlan" to make that a bit more clear without using Xr.

the wording here was redundant, so i've changed it to simply say what it meant.

i think anyone reading this will know what a DMZ is, but that's a detail that isn't actually relevant to the example, so i've reworded it to talk about "isolated networks" instead.