From owner-freebsd-net@FreeBSD.ORG  Sat Dec  4 21:59:47 2004
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7F5C716A4CE
	for <freebsd-net@freebsd.org>; Sat,  4 Dec 2004 21:59:47 +0000 (GMT)
Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AF63F43D31
	for <freebsd-net@freebsd.org>; Sat,  4 Dec 2004 21:59:46 +0000 (GMT)
	(envelope-from andre@freebsd.org)
Received: (qmail 47699 invoked from network); 4 Dec 2004 21:50:23 -0000
Received: from unknown (HELO freebsd.org) ([62.48.0.53])
          (envelope-sender <andre@freebsd.org>)
          by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP
          for <max@love2party.net>; 4 Dec 2004 21:50:23 -0000
Message-ID: <41B23352.2E07D115@freebsd.org>
Date: Sat, 04 Dec 2004 22:59:46 +0100
From: Andre Oppermann <andre@freebsd.org>
X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Max Laier <max@love2party.net>
References: <00ea01c4d89f$273c9d20$2603fb93@KLOBOUCEK>
	<200412031548.02444.max@love2party.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
cc: Petr Holub <hopet@ics.muni.cz>
cc: freebsd-net@freebsd.org
Subject: Re: pf and bridging
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Dec 2004 21:59:47 -0000

Max Laier wrote:
> 
> On Thursday 02 December 2004 19:45, Petr Holub wrote:
> > Hi all,
> >
> > I wonder if it is possible to use the new pf firewall together with
> > bridging as it is possible to use it with ipf and ipfw.
> 
> Unfortunately the PFIL_HOOKS in bridge.c don't work too well for pf (or ipf
> for the same reason) thus you cannot use stateful filtering. There is an
> ongoing discussion on freebsd-pf@ that talks about the details:
> http://lists.freebsd.org/pipermail/freebsd-pf/2004-December/000621.html
> http://lists.freebsd.org/pipermail/freebsd-pf/2004-December/000625.html
> http://lists.freebsd.org/pipermail/freebsd-pf/2004-December/000631.html

I'll do the Layer 2 ipfw pfil_hook conversion next when I've finished
the rewrite of TCP reassembly in a few days.

-- 
Andre