Date: Fri, 10 Jul 2020 19:57:08 +0200
From: <l.m.v.breda@xs4all.nl>
To: <pf@FreeBsd.org>
Subject: The best of both worlds “using mac filtering in pf”
Message-ID: <!&!AAAAAAAAAAAYAAAAAAAAACYbCWzhrJhCgyrjLq4Ik8vCgAAAEAAAAL4ruAj5hLlBvrT0M4EEcEEBAAAAAA==@xs4all.nl>

Hello,

I am using pfSense, built on top of pf. And of course pfSense/pf is a terrific firewall; however, the world is changing in the direction of IPv6, and that leads to new issues and related new requirements.

One of the major issues is that IPv6 does not provide a stable source address you can use to filter in your firewall.

Many firewalls “out there” are *using the level-2 MAC as a way around this issue*. However … pfSense cannot provide that functionality, since it is built on top of … pf.

Tja, and then there is a “striking” issue … suppose that pfSense would have been built on top of OpenBSD, still using pf … That would have been possible …

So as a user I would be very pleased if there could be a joint “pf-release” having the *best of both worlds*!!!!

Assume we were running OpenBSD … things like

step-1: ifconfig bridge0 rule pass in on fxp0 src <mac-address> tag <sometag>
step-2: And then in pf.conf: pass in on fxp0 tagged <sometag> (policy based rule)

would have been an option … not saying it is the best option … a better option would be if pf could set the tag itself.

Whatever, please consider adding this functionality to pf, preferably in the short term, since IPv6 is fast becoming very important!

Sincerely,

Louis

PS … should I raise a feature request for this?