From: "Spenst, Aleksej"
To: "'freebsd-pf@freebsd.org'"
Date: Fri, 7 Oct 2011 17:11:18 +0200
Subject: How to block HTTP packets going to 0.0.0.0 via proxy

Hi,

my browser goes online via proxy.
So, when I type http://0.0.0.0 in my browser I see in wireshark the following:

Source          Destination   Protocol  Info
172.16.102.100  172.16.2.17   HTTP      GET http://0.0.0.0/ HTTP/1.1

That is the http GET request with the 0.0.0.0 IP address is sent to my proxy 172.16.2.17.

I do not want these requests to go to proxy. How can I block such requests with pf rules?
I could easily write a rule to block all packets directly going to IP 0.0.0.0, but in case with proxy, I don't know how to block such requests.

Thanks for any help.

Regards,
Aleks.
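
An added example, not part of the original message: pf rules match on packet header fields (addresses, ports, protocol), and the packet in the capture above is addressed to the proxy, so 0.0.0.0 appears only inside the HTTP request line. The sketch below shows the kind of check that has to parse that line, for instance on the proxy; the function names and the sample request bytes are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample matching the capture: IP destination is the proxy,
# while the requested target lives in the TCP payload.
PACKET_DST = "172.16.2.17"
SAMPLE_REQUEST = b"GET http://0.0.0.0/ HTTP/1.1\r\nHost: 0.0.0.0\r\n\r\n"


def header_dst_is_unspecified(dst_ip: str) -> bool:
    """What a header-based filter can test: the packet's destination address."""
    return ipaddress.ip_address(dst_ip).is_unspecified


def request_target_host(raw: bytes):
    """Return the host named in a proxy request line, or None if unparseable."""
    try:
        request_line = raw.split(b"\r\n", 1)[0].decode("ascii")
        method, target, _version = request_line.split(" ", 2)
    except (UnicodeDecodeError, ValueError):
        return None
    if method.upper() == "CONNECT":
        target = "//" + target  # authority-form (host:port) used for tunnels
    try:
        return urlsplit(target).hostname  # None for origin-form ("/path")
    except ValueError:
        return None


def targets_unspecified(raw: bytes) -> bool:
    """True if the request asks the proxy to reach 0.0.0.0 or ::."""
    host = request_target_host(raw)
    if host is None:
        return False
    try:
        return ipaddress.ip_address(host).is_unspecified
    except ValueError:
        return False  # a DNS name, not an IP literal


if __name__ == "__main__":
    print("header match :", header_dst_is_unspecified(PACKET_DST))
    print("payload match:", targets_unspecified(SAMPLE_REQUEST))
```
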