From owner-freebsd-pf@FreeBSD.ORG  Tue May 10 17:38:53 2011
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7CE951065675
	for <freebsd-pf@freebsd.org>; Tue, 10 May 2011 17:38:53 +0000 (UTC)
	(envelope-from dhartmei@insomnia.benzedrine.cx)
Received: from insomnia.benzedrine.cx (106-30.3-213.fix.bluewin.ch
	[213.3.30.106]) by mx1.freebsd.org (Postfix) with ESMTP id F25D38FC0A
	for <freebsd-pf@freebsd.org>; Tue, 10 May 2011 17:38:52 +0000 (UTC)
Received: from insomnia.benzedrine.cx (localhost.benzedrine.cx [127.0.0.1])
	by insomnia.benzedrine.cx (8.14.1/8.13.4) with ESMTP id p4AHcrIv010909
	(version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO);
	Tue, 10 May 2011 19:38:53 +0200 (MEST)
Received: (from dhartmei@localhost)
	by insomnia.benzedrine.cx (8.14.1/8.12.10/Submit) id p4AHcrUk019275;
	Tue, 10 May 2011 19:38:53 +0200 (MEST)
Date: Tue, 10 May 2011 19:38:53 +0200
From: Daniel Hartmeier <daniel@benzedrine.cx>
To: Nicolas GRENECHE <nicolas.greneche@gmail.com>
Message-ID: <20110510173853.GA17049@insomnia.benzedrine.cx>
References: <BANLkTimd5=wzH7dLKKb98jKR3Bmix+x3SQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <BANLkTimd5=wzH7dLKKb98jKR3Bmix+x3SQ@mail.gmail.com>
User-Agent: Mutt/1.5.12-2006-07-14
Cc: freebsd-pf@freebsd.org
Subject: Re: Filtering on a sensor dedicated interface
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 10 May 2011 17:38:53 -0000

On Tue, May 10, 2011 at 06:45:08PM +0200, Nicolas GRENECHE wrote:

> Regarding tcpdump, packets seems to go through the interface. Why does
> pf doesn't see them ?

The destination MAC addresses of the ethernet frames do not match the
firewall's.

By putting the interfaces into promiscuous mode, the frames are copied
to BPF readers (like tcpdump), but the host then ignores the frame.
Since the host is neither the recipient nor bridging, there is no reason
to pf filter the packet, as the frame will be dropped anyway.

I guess you could add the interfaces to bridges or some such construct,
to get pf filtering involved. It depends on WHY you want pf to filter
something you don't want to forward, i.e. what would be the purpose of
the packet showing up on pflog.

Daniel