Date: Fri, 31 Aug 2007 12:01:07 -0500
From: Erik Osterholm
To: freebsd-questions@freebsd.org
Message-ID: <20070831170107.GA48513@idoru.cepheid.org>
Subject: Pass all protocols in PF

I've been working with PF for a while, and this is something that's bugged me for some time. Is there any way to make "pass in all" pass any protocol?

Right now, for example, we have a firewall with two bridged (if_bridge) Intel NICs and pf. We need OSPF to pass, and so we have to add an explicit rule to pass it, despite the fact that we have a default pass in any rule. It's the same story for other protocols.

Thanks in advance for any replies.

Erik