Date: Thu, 6 Sep 2007 22:39:36 +0200
From: Gergely CZUCZY
To: freebsd-pf@freebsd.org
Message-ID: <20070906203936.GA7448@harmless.hu>
Subject: duplicate rule on :broadcast

Hello

I've got a configuration where I've got 2 IPs on em0 from the very same subnet. This means they have the same broadcast address. I have the following rule in my pf.conf:

block in quick on $if_inet proto udp from any to $if_inet:broadcast port 137 label "broadcast deny"

Since I've got two addresses on that interface, it expands to the following according to pfctl -sr:

block return in quick on em0 inet proto udp from any to 195.56.55.255 port = netbios-ns label "broadcast deny"
block return in quick on em0 inet proto udp from any to 195.56.55.255 port = netbios-ns label "broadcast deny"

Is it really necessary to have duplicates when the broadcast addresses of the assigned addresses are the very same?

Sincerely,

Gergely Czuczy
mailto: gergely.czuczy@harmless.hu

-- 
Weenies test. Geniuses solve problems that arise.