From owner-freebsd-pf@FreeBSD.ORG Tue Apr 17 17:26:00 2007 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A4DB616A400 for ; Tue, 17 Apr 2007 17:26:00 +0000 (UTC) (envelope-from bill.marquette@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.171]) by mx1.freebsd.org (Postfix) with ESMTP id 3EDC013C480 for ; Tue, 17 Apr 2007 17:25:59 +0000 (UTC) (envelope-from bill.marquette@gmail.com) Received: by ug-out-1314.google.com with SMTP id 71so189170ugh for ; Tue, 17 Apr 2007 10:25:58 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=TRD0MroC79yJIKzI7PRzU48nXPrfvT3EMAmz9sfVtt4YxsxY6wnKSIBZUx6ewcvLRMVPmA2rYKW95n9kCFjVjSTztSXBNUeLpyp/V0Sp11WgXo1/nfLmzCL9vMNJI7Q3IBHv7UzNA+4p8AXVoA0dxRZ2HRrbjkCInsJKqnETMQ0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=mLHYZQAmTF7/U5gLtI5O+kjc/CB19s4bmzNAznA4pGnSEoc81cPJ4heCTCABd+mX1Q27mNCtHvNl7XX7wtz7s7lrRdU3FRm8RzqnqFhUNhJ6vjG177NulRjekTwXirfgXlq4/C3Dh3S9HwqRbNv4mdzpgDbsOr5kGQ3/GSutpRo= Received: by 10.66.244.11 with SMTP id r11mr646406ugh.1176830758668; Tue, 17 Apr 2007 10:25:58 -0700 (PDT) Received: by 10.67.48.2 with HTTP; Tue, 17 Apr 2007 10:25:58 -0700 (PDT) Message-ID: <55e8a96c0704171025n4a3a8893s912886f6cfd7b36a@mail.gmail.com> Date: Tue, 17 Apr 2007 12:25:58 -0500 From: "Bill Marquette" To: "freebsd-pf@freebsd.org" MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: ng_tag and pf? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Apr 2007 17:26:00 -0000 Is it possible to use ng_tag in conjunction with pf? I have a setup in OpenBSD currently where I use the bridge interface to apply a tag to a packet based on the mac address so that when pf gets the packet it can apply a reply-to rule to it to keep traffic flows symmetric (the upstream device(s) also keep state, so the reply path has to be the same). I'm looking to duplicate this in FreeBSD with pf and I think ng_tag and maybe ng_bpf can make this happen, but I'm at a bit of a loss as to how at this point. Any pointers or at least a "yes it's absolutely possible, figure it out and let us know the exact config" answer would be very much appreciated. Thanks --Bill