From owner-freebsd-pf@FreeBSD.ORG Mon May 13 08:43:03 2013 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 02E56239 for ; Mon, 13 May 2013 08:43:03 +0000 (UTC) (envelope-from noname.esst@yahoo.com) Received: from nm18.bullet.mail.bf1.yahoo.com (nm18.bullet.mail.bf1.yahoo.com [98.139.212.177]) by mx1.freebsd.org (Postfix) with SMTP id 7D370ED2 for ; Mon, 13 May 2013 08:43:02 +0000 (UTC) Received: from [98.139.212.151] by nm18.bullet.mail.bf1.yahoo.com with NNFMP; 13 May 2013 08:43:01 -0000 Received: from [98.139.212.204] by tm8.bullet.mail.bf1.yahoo.com with NNFMP; 13 May 2013 08:43:01 -0000 Received: from [127.0.0.1] by omp1013.mail.bf1.yahoo.com with NNFMP; 13 May 2013 08:43:01 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 622558.75947.bm@omp1013.mail.bf1.yahoo.com Received: (qmail 76854 invoked by uid 60001); 13 May 2013 08:43:01 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1368434581; bh=CXzWFXxG9jA2okAzIFvvW18/hBbo2NBjQL4gWfOzSYg=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=VrTIcYH4yZq4N+ZHgIEudPHGP0DDykRDIq0xmeGlcaW33jba1mhigUqKKc8p3eYh0HrJBhy3e3HDUBp6VG6Bp7tqnSSEXErWtbNGpFwFZZJA59tJLc+e+wX6a7LvD2y9XSrmaJUWJPmGaG/YYaRsdreUpmDmNTQS1eUYMt0o0Lo= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=obijMUIUYHM8RQyZmWN1rswO5kl7FdZfl8brSLX8VaUbbqx5yUNkhep1o5mfxmluUMmdTwOgG1ZMV1ZTEPnhZijdYEavy6TdpDKJ58ELG6ltQKF5lRYVAvEitivBoKla/9YJW7ZPA9gTTT/i3bKF4pNAeUXbug+hARn0L2TjZdw=; X-YMail-OSG: xnaY9doVM1njc7pLHwO02VvX2YsoS2Fw4.js3PthrWZOdc3 bs4b.52pZ69KzOxTkAIEYFdoTVXVSFZy5COpzxtu0T8IDNxynD1jspGu4xmx OBewOFIT6r_iOUJUnxRItvZNmn6nY4y.wLUkenUxaolFE8nI5Aa6wFT8hdku MPMZzuOHL4SWPCKeHUvy7Yt2qR9ANvsZFbIGFD8mZiiQPTSIl.SBRxa2ik0E nrDZk8_WRn8B7LBlnPqpH9oqrGaEOQc5dcHnXPeSug4CKPnifdphbAWsngX4 KQlipUN77.HnzDUPHBsReHJV7p1CRtZaoThDhXwwjgdP0nBsz.uAlZl75sw6 AhqMzq_.KWQtcAdf.hl0Ya42i8gSkmLwmc1FptUbWIN9p3cZk2n92jfblgTo pfMHDYdaRruu2q.tKBKEArOmHm2zJ8Ri_iLOThy5mh8uCIVzQKZ8wcLzggQ- - Received: from [89.165.120.140] by web162701.mail.bf1.yahoo.com via HTTP; Mon, 13 May 2013 01:43:01 PDT X-Rocket-MIMEInfo: 002.001, SGkgYWxsCkhlcmUncyBhbm90aGVyIFBGIHF1ZXN0aW9uLiBJIHN1cHBvc2UgdGhhdCBmaWx0ZXJpbmcgYmFzZWQgb24gYXJwIHByb3RvY29sIGlzIGFsc2_CoGltcG9zc2libGUgdXNpbmcgUEYganVzdCBsaWtlIE1BQyBhZGRyZXNzIGZpbHRlcmluZy4gQW0gSSByaWdodD8gQWxsIG9mIHRoZXNlIG9wdGlvbnMgYXJlIHN1cHBvcnRlZCBieSBJUEZXLiBXaGF0IGFyZSB3ZSBzdXBwb3NlZCB0byBkbyB3aXRoIHRoZXNlIHByb2JsZW1zPyEgSnVzdCBkb24ndCB1c2UgUEY_ISEBMAEBAQE- X-Mailer: YahooMailWebService/0.8.141.536 Message-ID: <1368434581.59211.YahooMailNeo@web162701.mail.bf1.yahoo.com> Date: Mon, 13 May 2013 01:43:01 -0700 (PDT) From: Nomad Esst Subject: another pf question, arp filtering To: pf list MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.14 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: Nomad Esst List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 May 2013 08:43:03 -0000 Hi all=0AHere's another PF question. I suppose that filtering based on arp = protocol is also=A0impossible using PF just like MAC address filtering. Am = I right? All of these options are supported by IPFW. What are we supposed t= o do with these problems?! Just don't use PF?!! From owner-freebsd-pf@FreeBSD.ORG Mon May 13 08:47:07 2013 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id EF15D485 for ; Mon, 13 May 2013 08:47:07 +0000 (UTC) (envelope-from noname.esst@yahoo.com) Received: from nm14.bullet.mail.bf1.yahoo.com (nm14.bullet.mail.bf1.yahoo.com [98.139.212.173]) by mx1.freebsd.org (Postfix) with SMTP id 9EC36F04 for ; Mon, 13 May 2013 08:47:07 +0000 (UTC) Received: from [98.139.212.153] by nm14.bullet.mail.bf1.yahoo.com with NNFMP; 13 May 2013 08:45:11 -0000 Received: from [98.139.212.244] by tm10.bullet.mail.bf1.yahoo.com with NNFMP; 13 May 2013 08:45:11 -0000 Received: from [127.0.0.1] by omp1053.mail.bf1.yahoo.com with NNFMP; 13 May 2013 08:45:11 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 504408.35836.bm@omp1053.mail.bf1.yahoo.com Received: (qmail 30632 invoked by uid 60001); 13 May 2013 08:45:11 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1368434711; bh=/s75D0GJKt11lLNdB1keK3L/fki+6ARCv6WGAfh/97c=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=YnVzdgLWbGhNfKfBrGc/1bZ/F3UVcvdF5S1ZnavvxYgfDOfEg5+V2N3TIBCJc1C4GA/sR13hHOGvYQMVj919WI4Q+i0TqcD5zpRs3QeqQtMyEwtI6KyzM8BzxvIiQc6SD04zPp6J3VDRrQHtxos8Mj+zyRKuqDl6XhlxYKLnKuY= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=6A+7ZllM2S9JWeIJZyWCiTY+gRoL+vxWJPtvJh0ECzAwUsCsJRvXj3EALv74YGO8diIoDnelePnqoWb0/2rCkFiOxz2qiTSfvcsNrnujIcd0uPDfo9Khvn+JwtJNcMO7y5xahBD60KFT5x30ukQxsKQdk7qZOxVwLKTq9yLC/G0=; X-YMail-OSG: gwtlKaIVM1lanCBxuMr28bJvUnXV5CUhMKtNDrRkLG7YgH5 CsZehJ3ZMVBKXK_tdQOJiJHAbUqO8rSdJ8WtiwSInoSgY2IulZYPTvwUwCyq PpjyRF.Tuvz_N7yyKRsRUrxJnS6uZKoi.0DPTTUJoZqjRV17tqc7q3xpfHHn NkPhcJ3MLD_9Q3dighAsW8zQSs3MP4jY8g7mS2tKhgPwoa3V2DltFRZiopg7 ccUh5Y2WcxV8da.I1dAvOnp4FYIFdDisGLEwcVDAATS8bPu94KWzq39TEQdH oaL2XDEG7pKL4AOUTRLD8rjC_p11UzlFPzWFF0ZlEoyfDlIJBVMl4xGugKKA 84EihdVMTbvwYuTT9VYqqtmMNkIqTqur5kpIdJ.a5TZouXl4UKL1YbYLZHsX D2qOOcgfYh7RKrJwzuD9Vdi2uKw8ChAQk0CXOYwsiCHKeDPFmwgboImr7aQ- - Received: from [89.165.120.140] by web162702.mail.bf1.yahoo.com via HTTP; Mon, 13 May 2013 01:45:10 PDT X-Rocket-MIMEInfo: 002.001, SGkgYWxsCkhlcmUncyBhbm90aGVyIFBGIHF1ZXN0aW9uLiBJIHN1cHBvc2UgdGhhdCBmaWx0ZXJpbmcgYmFzZWQgb24gYXJwIHByb3RvY29sIGlzIGFsc2_CoGltcG9zc2libGUgdXNpbmcgUEYganVzdCBsaWtlIE1BQyBhZGRyZXNzIGZpbHRlcmluZy4gQW0gSSByaWdodD8gQWxsIG9mIHRoZXNlIG9wdGlvbnMgYXJlIHN1cHBvcnRlZCBieSBJUEZXLiBXaGF0IGFyZSB3ZSBzdXBwb3NlZCB0byBkbyB3aXRoIHRoZXNlIHByb2JsZW1zPyEgSnVzdCBkb24ndCB1c2UgUEY_ISEBMAEBAQE- X-Mailer: YahooMailWebService/0.8.141.536 Message-ID: <1368434710.30577.YahooMailNeo@web162702.mail.bf1.yahoo.com> Date: Mon, 13 May 2013 01:45:10 -0700 (PDT) From: Nomad Esst Subject: another pf question, arp filtering To: pf list MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.14 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: Nomad Esst List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 May 2013 08:47:08 -0000 Hi all=0AHere's another PF question. I suppose that filtering based on arp = protocol is also=A0impossible using PF just like MAC address filtering. Am = I right? All of these options are supported by IPFW. What are we supposed t= o do with these problems?! Just don't use PF?!! From owner-freebsd-pf@FreeBSD.ORG Mon May 13 08:48:03 2013 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 4E8A14D1 for ; Mon, 13 May 2013 08:48:03 +0000 (UTC) (envelope-from kpaasial@gmail.com) Received: from mail-wi0-x231.google.com (mail-wi0-x231.google.com [IPv6:2a00:1450:400c:c05::231]) by mx1.freebsd.org (Postfix) with ESMTP id DEA1EF0A for ; Mon, 13 May 2013 08:48:02 +0000 (UTC) Received: by mail-wi0-f177.google.com with SMTP id hr14so2666250wib.4 for ; Mon, 13 May 2013 01:48:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type:content-transfer-encoding; bh=5wyvGKClVyOUvHhWMjFgCpkvhZBIaLMGumTb4uMk9Hg=; b=yjWIWf2SQM6SGCiABjyYHfrAzO8v1XFD2n0DY1MInzgy2aq4jE5H9jCu4stTcrwXfM 5OC/wZAjL3nNc6JrgUseq4Ra8Pstflobwb9HiCLV+N9t+bEvnWqq+drZzprU3Iajw8sO 8mejvXlotFOqpu5q9Acfr/pEEMPvg+2wc1U8O8HWywXZ7vyk5jK3XcRyqji8QL0wzXzf p9HpCSbUoZKXgz+BORa16wN8RkzeSbv81Q6wPBdGeJsWcBoz86eaXrcLuJM6vE2oJcCu GypXuRNUlRVhlhsHjW1RJ5koK8y3DbMKnUlED5xDUNz3oWmgrx8dg5MI886POaZQWXN2 mTbw== MIME-Version: 1.0 X-Received: by 10.194.236.198 with SMTP id uw6mr34024837wjc.33.1368434881580; Mon, 13 May 2013 01:48:01 -0700 (PDT) Received: by 10.216.112.10 with HTTP; Mon, 13 May 2013 01:48:01 -0700 (PDT) In-Reply-To: <1368434581.59211.YahooMailNeo@web162701.mail.bf1.yahoo.com> References: <1368434581.59211.YahooMailNeo@web162701.mail.bf1.yahoo.com> Date: Mon, 13 May 2013 11:48:01 +0300 Message-ID: Subject: Re: another pf question, arp filtering From: Kimmo Paasiala To: Nomad Esst Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: pf list X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 May 2013 08:48:03 -0000 On Mon, May 13, 2013 at 11:43 AM, Nomad Esst wrote: > Hi all > Here's another PF question. I suppose that filtering based on arp protoco= l is also impossible using PF just like MAC address filtering. Am I right? = All of these options are supported by IPFW. What are we supposed to do with= these problems?! Just don't use PF?!! > _______________________________________________ Read first on what ARP is in context of the networking. http://en.wikipedia.org/wiki/Address_Resolution_Protocol Basically you're asking the same thing when you're asking whether PF supports filtering based on MAC addresses or filtering by the ARP protocol. You should direct your question to those who designed PF in the first place why they didn't think of including layer2 filtering. -Kimmo