From: "Tieres White"
To: freebsd-net@freebsd.org
Date: Fri, 10 Aug 2007 18:47:58 -0500
Subject: bridging, pf, and rdr
List-Id: Networking and TCP/IP with FreeBSD

I have a bridging firewall in place using FreeBSD 6.1, if_bridge, and pf. I'd like to be able to block IP addresses by default on the bridge, but selectively allow people through. This is easily accomplished with a table; however, it would be nice if I could also alert people as to why they aren't currently allowed access through the firewall. rdr rules would appear to accomplish this, but for some reason, it just doesn't seem to work. Has anyone here done anything like this? Do you have any suggestions?