From: Chris Buechler
Date: Fri, 7 Oct 2011 17:24:41 +0200
To: "Spenst, Aleksej"
Cc: "freebsd-pf@freebsd.org"
Subject: Re: How to block HTTP packets going to 0.0.0.0 via proxy
List-Id: "Technical discussion and general questions about packet filter (pf)"

On Fri, Oct 7, 2011 at 5:11 PM, Spenst, Aleksej wrote:
> Hi,
>
> my browser goes online via proxy.
> So, when I type http://0.0.0.0 in my browser I see in wireshark the following:
>
> Source            Destination     Protocol    Info
> 172.16.102.100    172.16.2.17     HTTP        GET http://0.0.0.0/ HTTP/1.1
>
> That is, the HTTP GET request with the 0.0.0.0 IP address is sent to my proxy 172.16.2.17.
> I do not want these requests to go to proxy. How can I block such requests with pf rules?
>
> I could easily write a rule to block all packets directly going to IP 0.0.0.0, but in case with proxy, I don't know how to block such requests.
>

Block them on the proxy. PF can't tell the difference between GET
http://0.0.0.0 and GET http://google.com
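
The point of the reply, as an added example that is not part of the original message: both requests reach the proxy with identical layer 3/4 fields, so the decision has to be made where the request line is parsed. The packets are constructed, proxy port 3128 is an assumption, and `filter_view`, `target_host` and `proxy_allows` are hypothetical names, not pf or any proxy's API.

```python
import ipaddress
from collections import namedtuple
from urllib.parse import urlsplit

Packet = namedtuple("Packet", "src dst dport payload")

# Constructed packets. Addresses are from the capture in the thread;
# proxy port 3128 is an assumption.
PKT_ZERO = Packet("172.16.102.100", "172.16.2.17", 3128,
                  b"GET http://0.0.0.0/ HTTP/1.1\r\n\r\n")
PKT_SITE = Packet("172.16.102.100", "172.16.2.17", 3128,
                  b"GET http://google.com/ HTTP/1.1\r\n\r\n")


def filter_view(pkt):
    """Fields a layer 3/4 rule matches on; the payload is not among them."""
    return (pkt.src, pkt.dst, pkt.dport)


def target_host(payload):
    """Host named in the request line of a proxied HTTP request."""
    line = payload.split(b"\r\n", 1)[0].decode("ascii")
    method, target, _version = line.split(" ", 2)
    if method.upper() == "CONNECT":       # authority-form: host:port
        target = "//" + target
    return urlsplit(target).hostname      # absolute-form: http://host/path


def proxy_allows(payload):
    """Hypothetical proxy-side policy: refuse unspecified-address targets."""
    try:
        host = target_host(payload)
    except ValueError:                    # malformed line, bad URL, non-ASCII
        return False
    if not host:                          # origin-form: not a proxy request
        return False
    try:
        return not ipaddress.ip_address(host).is_unspecified
    except ValueError:
        return True                       # hostname, not an IP literal
```

A production proxy would apply the same unspecified-address check to whatever address a hostname resolves to, not only to IP literals in the request line.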