Date: Mon, 13 May 2013 01:43:01 -0700 (PDT) From: Nomad Esst <noname.esst@yahoo.com> To: pf list <freebsd-pf@freebsd.org> Subject: another pf question, arp filtering Message-ID: <1368434581.59211.YahooMailNeo@web162701.mail.bf1.yahoo.com>
next in thread | raw e-mail | index | archive | help
Hi all=0AHere's another PF question. I suppose that filtering based on arp = protocol is also=A0impossible using PF just like MAC address filtering. Am = I right? All of these options are supported by IPFW. What are we supposed t= o do with these problems?! Just don't use PF?!! From owner-freebsd-pf@FreeBSD.ORG Mon May 13 08:47:07 2013 Return-Path: <owner-freebsd-pf@FreeBSD.ORG> Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id EF15D485 for <freebsd-pf@freebsd.org>; Mon, 13 May 2013 08:47:07 +0000 (UTC) (envelope-from noname.esst@yahoo.com) Received: from nm14.bullet.mail.bf1.yahoo.com (nm14.bullet.mail.bf1.yahoo.com [98.139.212.173]) by mx1.freebsd.org (Postfix) with SMTP id 9EC36F04 for <freebsd-pf@freebsd.org>; Mon, 13 May 2013 08:47:07 +0000 (UTC) Received: from [98.139.212.153] by nm14.bullet.mail.bf1.yahoo.com with NNFMP; 13 May 2013 08:45:11 -0000 Received: from [98.139.212.244] by tm10.bullet.mail.bf1.yahoo.com with NNFMP; 13 May 2013 08:45:11 -0000 Received: from [127.0.0.1] by omp1053.mail.bf1.yahoo.com with NNFMP; 13 May 2013 08:45:11 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 504408.35836.bm@omp1053.mail.bf1.yahoo.com Received: (qmail 30632 invoked by uid 60001); 13 May 2013 08:45:11 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1368434711; bh=/s75D0GJKt11lLNdB1keK3L/fki+6ARCv6WGAfh/97c=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=YnVzdgLWbGhNfKfBrGc/1bZ/F3UVcvdF5S1ZnavvxYgfDOfEg5+V2N3TIBCJc1C4GA/sR13hHOGvYQMVj919WI4Q+i0TqcD5zpRs3QeqQtMyEwtI6KyzM8BzxvIiQc6SD04zPp6J3VDRrQHtxos8Mj+zyRKuqDl6XhlxYKLnKuY= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=6A+7ZllM2S9JWeIJZyWCiTY+gRoL+vxWJPtvJh0ECzAwUsCsJRvXj3EALv74YGO8diIoDnelePnqoWb0/2rCkFiOxz2qiTSfvcsNrnujIcd0uPDfo9Khvn+JwtJNcMO7y5xahBD60KFT5x30ukQxsKQdk7qZOxVwLKTq9yLC/G0=; X-YMail-OSG: gwtlKaIVM1lanCBxuMr28bJvUnXV5CUhMKtNDrRkLG7YgH5 CsZehJ3ZMVBKXK_tdQOJiJHAbUqO8rSdJ8WtiwSInoSgY2IulZYPTvwUwCyq PpjyRF.Tuvz_N7yyKRsRUrxJnS6uZKoi.0DPTTUJoZqjRV17tqc7q3xpfHHn NkPhcJ3MLD_9Q3dighAsW8zQSs3MP4jY8g7mS2tKhgPwoa3V2DltFRZiopg7 ccUh5Y2WcxV8da.I1dAvOnp4FYIFdDisGLEwcVDAATS8bPu94KWzq39TEQdH oaL2XDEG7pKL4AOUTRLD8rjC_p11UzlFPzWFF0ZlEoyfDlIJBVMl4xGugKKA 84EihdVMTbvwYuTT9VYqqtmMNkIqTqur5kpIdJ.a5TZouXl4UKL1YbYLZHsX D2qOOcgfYh7RKrJwzuD9Vdi2uKw8ChAQk0CXOYwsiCHKeDPFmwgboImr7aQ- - Received: from [89.165.120.140] by web162702.mail.bf1.yahoo.com via HTTP; Mon, 13 May 2013 01:45:10 PDT X-Rocket-MIMEInfo: 002.001, SGkgYWxsCkhlcmUncyBhbm90aGVyIFBGIHF1ZXN0aW9uLiBJIHN1cHBvc2UgdGhhdCBmaWx0ZXJpbmcgYmFzZWQgb24gYXJwIHByb3RvY29sIGlzIGFsc2_CoGltcG9zc2libGUgdXNpbmcgUEYganVzdCBsaWtlIE1BQyBhZGRyZXNzIGZpbHRlcmluZy4gQW0gSSByaWdodD8gQWxsIG9mIHRoZXNlIG9wdGlvbnMgYXJlIHN1cHBvcnRlZCBieSBJUEZXLiBXaGF0IGFyZSB3ZSBzdXBwb3NlZCB0byBkbyB3aXRoIHRoZXNlIHByb2JsZW1zPyEgSnVzdCBkb24ndCB1c2UgUEY_ISEBMAEBAQE- X-Mailer: YahooMailWebService/0.8.141.536 Message-ID: <1368434710.30577.YahooMailNeo@web162702.mail.bf1.yahoo.com> Date: Mon, 13 May 2013 01:45:10 -0700 (PDT) From: Nomad Esst <noname.esst@yahoo.com> Subject: another pf question, arp filtering To: pf list <freebsd-pf@freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.14 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: Nomad Esst <noname.esst@yahoo.com> List-Id: "Technical discussion and general questions about packet filter \(pf\)" <freebsd-pf.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>, <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>; List-Post: <mailto:freebsd-pf@freebsd.org> List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>, <mailto:freebsd-pf-request@freebsd.org?subject=subscribe> X-List-Received-Date: Mon, 13 May 2013 08:47:08 -0000 Hi all=0AHere's another PF question. I suppose that filtering based on arp = protocol is also=A0impossible using PF just like MAC address filtering. Am = I right? All of these options are supported by IPFW. What are we supposed t= o do with these problems?! Just don't use PF?!! From owner-freebsd-pf@FreeBSD.ORG Mon May 13 08:48:03 2013 Return-Path: <owner-freebsd-pf@FreeBSD.ORG> Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 4E8A14D1 for <freebsd-pf@freebsd.org>; Mon, 13 May 2013 08:48:03 +0000 (UTC) (envelope-from kpaasial@gmail.com) Received: from mail-wi0-x231.google.com (mail-wi0-x231.google.com [IPv6:2a00:1450:400c:c05::231]) by mx1.freebsd.org (Postfix) with ESMTP id DEA1EF0A for <freebsd-pf@freebsd.org>; Mon, 13 May 2013 08:48:02 +0000 (UTC) Received: by mail-wi0-f177.google.com with SMTP id hr14so2666250wib.4 for <freebsd-pf@freebsd.org>; Mon, 13 May 2013 01:48:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type:content-transfer-encoding; bh=5wyvGKClVyOUvHhWMjFgCpkvhZBIaLMGumTb4uMk9Hg=; b=yjWIWf2SQM6SGCiABjyYHfrAzO8v1XFD2n0DY1MInzgy2aq4jE5H9jCu4stTcrwXfM 5OC/wZAjL3nNc6JrgUseq4Ra8Pstflobwb9HiCLV+N9t+bEvnWqq+drZzprU3Iajw8sO 8mejvXlotFOqpu5q9Acfr/pEEMPvg+2wc1U8O8HWywXZ7vyk5jK3XcRyqji8QL0wzXzf p9HpCSbUoZKXgz+BORa16wN8RkzeSbv81Q6wPBdGeJsWcBoz86eaXrcLuJM6vE2oJcCu GypXuRNUlRVhlhsHjW1RJ5koK8y3DbMKnUlED5xDUNz3oWmgrx8dg5MI886POaZQWXN2 mTbw== MIME-Version: 1.0 X-Received: by 10.194.236.198 with SMTP id uw6mr34024837wjc.33.1368434881580; Mon, 13 May 2013 01:48:01 -0700 (PDT) Received: by 10.216.112.10 with HTTP; Mon, 13 May 2013 01:48:01 -0700 (PDT) In-Reply-To: <1368434581.59211.YahooMailNeo@web162701.mail.bf1.yahoo.com> References: <1368434581.59211.YahooMailNeo@web162701.mail.bf1.yahoo.com> Date: Mon, 13 May 2013 11:48:01 +0300 Message-ID: <CA+7WWScEC35vF-Lge8nY2OngV4ETRzN4kj2agS-ue0M47wpHHA@mail.gmail.com> Subject: Re: another pf question, arp filtering From: Kimmo Paasiala <kpaasial@gmail.com> To: Nomad Esst <noname.esst@yahoo.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: pf list <freebsd-pf@freebsd.org> X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" <freebsd-pf.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>, <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>; List-Post: <mailto:freebsd-pf@freebsd.org> List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>, <mailto:freebsd-pf-request@freebsd.org?subject=subscribe> X-List-Received-Date: Mon, 13 May 2013 08:48:03 -0000 On Mon, May 13, 2013 at 11:43 AM, Nomad Esst <noname.esst@yahoo.com> wrote: > Hi all > Here's another PF question. I suppose that filtering based on arp protoco= l is also impossible using PF just like MAC address filtering. Am I right? = All of these options are supported by IPFW. What are we supposed to do with= these problems?! Just don't use PF?!! > _______________________________________________ Read first on what ARP is in context of the networking. http://en.wikipedia.org/wiki/Address_Resolution_Protocol Basically you're asking the same thing when you're asking whether PF supports filtering based on MAC addresses or filtering by the ARP protocol. You should direct your question to those who designed PF in the first place why they didn't think of including layer2 filtering. -Kimmo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1368434581.59211.YahooMailNeo>