From: Pyun YongHyeon
To: Daniel Graupner
Cc: freebsd-pf@freebsd.org
Date: Tue, 26 Oct 2004 14:33:34 +0900
Subject: Re: pf and multicast

On Sat, Oct 23, 2004 at 07:44:44PM +0200, Daniel Graupner wrote:
> Hello,
>
> I am currently using fbsd 5.2.1 and the security/pf port. With this port
> I sadly cannot match multicast traffic. My pf is running on a multicast
> source and I want to create a rule that allows udp packets to a specific
> multicast-address and port.
>
> Is it possible?
>

You may need the "allow-opts" directive for a pass rule in order to allow
packets with IP options set. pf normally blocks all packets with IP
options set. Check with "pfctl -xm" whether pf drops the multicast packets.

> Regards,
> Daniel.

-- 
Regards,
Pyun YongHyeon
http://www.kr.freebsd.org/~yongari | yongari@freebsd.org
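
The advice in the reply above, as an added pf.conf sketch that is not part of the original message: a pass rule for one multicast group and port, shown without and with "allow-opts". The interface name, group address and port are constructed placeholders, and the IGMP rule is an assumption for hosts that also join groups (IGMP messages carry the Router Alert IP option).

```pf
# Constructed placeholders, not values from the thread.
ext_if   = "em0"             # assumed outbound interface
mc_group = "239.255.10.1"    # assumed multicast group
mc_port  = "5000"            # assumed UDP port

# Default deny, logged so drops are visible on pflog0.
block log all

# Without allow-opts: the rule matches the group and port, but pf
# still drops any matching packet that has IP options set.
# pass out on $ext_if inet proto udp from any to $mc_group \
#     port $mc_port keep state

# With allow-opts: packets with IP options are accepted, but only for
# this one destination and port. Keep the match this narrow so that
# IP options stay blocked for all other traffic.
pass out on $ext_if inet proto udp from any to $mc_group \
    port $mc_port keep state allow-opts

# Assumption: only needed if this host also joins multicast groups.
# IGMP messages carry the Router Alert option and are dropped
# unless the rule that passes them has allow-opts.
pass on $ext_if inet proto igmp from any to 224.0.0.0/4 allow-opts
```

After loading the ruleset, the debug output enabled with "pfctl -xm" should no longer report drops for the multicast flow.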