Date: Sun, 12 May 2013 12:42:16 -0400 From: Jason Hellenthal <jhellenthal@dataix.net> To: Nomad Esst <noname.esst@yahoo.com> Cc: "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org> Subject: Re: packet tagging Message-ID: <EB9CBAE7-E250-4D2D-9F86-D09A7D8CB283@DataIX.net> In-Reply-To: <1368255153.65555.YahooMailNeo@web162701.mail.bf1.yahoo.com> References: <1368097169.74234.YahooMailNeo@web162701.mail.bf1.yahoo.com> <878v3obakf.fsf@deeperthought.bsdly.net> <1368103486.77403.YahooMailNeo@web162706.mail.bf1.yahoo.com> <518BC6C2.5030702@stuxnet.org> <5D8FA439-4EA7-462F-B410-A815C1C78769@DataIX.net> <1368255153.65555.YahooMailNeo@web162701.mail.bf1.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I'd say it would probably be a cheaper solution to just code the l2 filterin= g into pf but would be more of a benefit to you and everyone else to do it o= n HEAD if its not already there. I believe HEAD uses pf4.5. --=20 Jason Hellenthal IS&T Services Professional Inbox: jhellenthal@DataIX.net JJH48-ARIN On May 11, 2013, at 2:52, Nomad Esst <noname.esst@yahoo.com> wrote: > > As for 8-STABLE this functionality is not available. >=20 > > I'm not tracking 9-* so someone else will have to answer for that. >=20 > > But as far as L2 filtering on the bridge... >=20 > > You will probably want ipfw instead as on 8-* were using pf4.3=C2=BF wh= ich on FreeBSD is L3, & L4 filtering only. >=20 > > If you are looking for a BSD solution for filtering only and your conce= rn is mainly based on using pf, I will sadly say you should lean on OpenBSD u= nless something changes or you are willing > to use access lists on your s= witches. >=20 > So bad!!! I'm thinking of developing some utility that do the MAC address f= iltering and then send them to PF, so PF can decide about them, whether to p= ass or drop them away. Do you have any ieads about that? >=20 > > Now if your concern is mainly wireless the if_wlan interface is capable o= f its own l2 filtering but nothing like pf. >=20 > > Good luck & best packeting, >=20 > > --=20 > > Jason Hellenthal > > IS&T Services Professional > > Inbox: jhellenthal@DataIX.net > > JJH48-ARIN >=20
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?EB9CBAE7-E250-4D2D-9F86-D09A7D8CB283>