From: "Max Laier"
Subject: [pf4freebsd] Re: Bridging?
Date: Thu, 16 Sep 2004 03:46:55 -0000
X-Original-Date: Wed, 27 Aug 2003 06:30:20 +0200
List-Id: Technical discussion and general questions about packet filter (pf)

bridge.c has PFIL_HOOKS implemented. All you should have to do is:

    # sysctl net.link.ether.bdg_ipf=1

More documentation can be found in the sources:
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/net/bridge.c#rev1.48

Note the part about "This will not work in (...) the bridge.ko module."; you
need a built-in bridge to make it work.

Best way to test is to load a ruleset containing only:

    block log

and then

    $ pftcpdump -n -e -ttt -i pflog0

while generating traffic from both sides. This will give you an idea what
filter rules you'll need.

----- Original Message -----
From: "Alan Bryan"
Sent: Wednesday, August 27, 2003 6:03 AM
Subject: [pf4freebsd] Bridging?

> I can't seem to find any information about pf and bridging on FreeBSD. I've
> got my bridge set up and working but seem to be unable to get pf to block any
> traffic through the bridge.
>
> Before I waste more time on this has anyone else successfully used pf on a
> FreeBSD bridge?
>
> Thanks,
> Alan
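An added example, not part of the original message: one way to turn the pflog capture from the "block log" test above into a per-interface list of blocked flows, which is the input needed to decide which pass rules to write for each bridge member. The log line layout, interface names (fxp0, fxp1) and addresses are assumptions; the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n -e -ttt -i pflog0` output while only
# "block log" is loaded. Interface names, addresses and the exact line
# layout are assumptions; adjust LINE_RE to what your tcpdump prints.
SAMPLE = """\
tcpdump: listening on pflog0
000000 rule 0/0(match): block in on fxp0: 192.168.1.10.51234 > 192.168.1.20.22: S 100:100(0) win 65535
000412 rule 0/0(match): block in on fxp0: 192.168.1.10.51234 > 192.168.1.20.22: S 100:100(0) win 65535
001020 rule 0/0(match): block in on fxp1: 192.168.1.20.1027 > 192.168.1.10.53: 4242+ A? example.org. (29)
000950 rule 0/0(match): block in on fxp1: 192.168.1.20 > 192.168.1.10: icmp: echo request
"""

# Matches the pflog header printed by -e: rule number, action, direction, interface.
LINE_RE = re.compile(
    r"rule \d+\S*\s+(?P<action>block|pass) (?P<dir>in|out) on (?P<ifname>\w+): "
    r"(?P<src>[^\s:]+) > (?P<dst>[^\s:]+):"
)

def split_endpoint(endpoint):
    """Split 'a.b.c.d.port' (IPv4, numeric because of -n) into (ip, port)."""
    parts = endpoint.split(".")
    if len(parts) == 5 and parts[4].isdigit():
        return ".".join(parts[:4]), int(parts[4])
    return endpoint, None  # no port present, e.g. ICMP

def summarize(text):
    """Count blocked packets per (interface, direction, src ip, dst ip, dst port)."""
    flows = Counter()
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("action") != "block":
            continue  # banner lines, passes, anything unparsed
        src_ip, _ = split_endpoint(m.group("src"))  # source port is ephemeral
        dst_ip, dst_port = split_endpoint(m.group("dst"))
        flows[(m.group("ifname"), m.group("dir"), src_ip, dst_ip, dst_port)] += 1
    return flows

if __name__ == "__main__":
    for (ifname, direction, src, dst, port), n in summarize(SAMPLE).most_common():
        shown = port if port is not None else "-"
        print(f"{n:3d}  {direction} on {ifname}  {src} -> {dst}  port {shown}")
```

Each output row names the bridge member the packet arrived on, so traffic from both sides of the bridge shows up as separate rows with different interfaces.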