Date: Fri, 10 May 2013 23:52:33 -0700 (PDT) From: Nomad Esst <noname.esst@yahoo.com> To: Jason Hellenthal <jhellenthal@dataix.net>, Christophe <tech@stuxnet.org> Cc: "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org> Subject: Re: packet tagging Message-ID: <1368255153.65555.YahooMailNeo@web162701.mail.bf1.yahoo.com> In-Reply-To: <5D8FA439-4EA7-462F-B410-A815C1C78769@DataIX.net> References: <1368097169.74234.YahooMailNeo@web162701.mail.bf1.yahoo.com> <878v3obakf.fsf@deeperthought.bsdly.net> <1368103486.77403.YahooMailNeo@web162706.mail.bf1.yahoo.com> <518BC6C2.5030702@stuxnet.org> <5D8FA439-4EA7-462F-B410-A815C1C78769@DataIX.net>
next in thread | previous in thread | raw e-mail | index | archive | help
=A0> As for 8-STABLE this functionality is not available.=0A=0A=0A=A0>=A0I'= m not tracking 9-* so someone else will have to answer for that.=0A=0A=A0>= =A0But as far as L2 filtering on the bridge...=0A=0A=A0>=A0You will probabl= y want ipfw instead as on 8-* were using pf4.3=BF which on FreeBSD is L3, &= L4 filtering only.=0A=0A=A0>=A0If you are looking for a BSD solution for f= iltering only and your concern is mainly based on using pf, I will sadly sa= y you should lean on OpenBSD unless something changes or you are willing = =A0>=A0=A0to=A0use=A0access lists on your switches.=0A=0ASo bad!!! I'm thin= king of developing some utility that do the MAC address filtering and then = send them to PF, so PF can decide about them, whether to pass or drop them = away. Do you have any ieads about that?=0A=0A>=A0Now if your concern is mai= nly wireless the if_wlan interface is capable of its own l2 filtering but n= othing like pf.=0A=0A>=A0Good luck & best packeting,=0A=0A>=A0-- =0A>=A0Jas= on Hellenthal=0A>=A0IS&T Services Professional=0A>=A0Inbox: jhellenthal@Dat= aIX.net=0A>=A0JJH48-ARIN
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1368255153.65555.YahooMailNeo>