Date: Sat, 04 Dec 2004 22:59:46 +0100 From: Andre Oppermann <andre@freebsd.org> To: Max Laier <max@love2party.net> Cc: freebsd-net@freebsd.org Subject: Re: pf and bridging Message-ID: <41B23352.2E07D115@freebsd.org> References: <00ea01c4d89f$273c9d20$2603fb93@KLOBOUCEK> <200412031548.02444.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Max Laier wrote: > > On Thursday 02 December 2004 19:45, Petr Holub wrote: > > Hi all, > > > > I wonder if it is possible to use the new pf firewall together with > > bridging as it is possible to use it with ipf and ipfw. > > Unfortunately the PFIL_HOOKS in bridge.c don't work too well for pf (or ipf > for the same reason) thus you cannot use stateful filtering. There is an > ongoing discussion on freebsd-pf@ that talks about the details: > http://lists.freebsd.org/pipermail/freebsd-pf/2004-December/000621.html > http://lists.freebsd.org/pipermail/freebsd-pf/2004-December/000625.html > http://lists.freebsd.org/pipermail/freebsd-pf/2004-December/000631.html I'll do the Layer 2 ipfw pfil_hook conversion next when I've finished the rewrite of TCP reassembly in a few days. -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41B23352.2E07D115>