pf and bridging
Andre Oppermann
andre at freebsd.org
Sat Dec 4 13:59:47 PST 2004
Max Laier wrote:
>
> On Thursday 02 December 2004 19:45, Petr Holub wrote:
> > Hi all,
> >
> > I wonder if it is possible to use the new pf firewall together with
> > bridging as it is possible to use it with ipf and ipfw.
>
> Unfortunately the PFIL_HOOKS in bridge.c don't work too well for pf (or ipf
> for the same reason) thus you cannot use stateful filtering. There is an
> ongoing discussion on freebsd-pf@ that talks about the details:
> http://lists.freebsd.org/pipermail/freebsd-pf/2004-December/000621.html
> http://lists.freebsd.org/pipermail/freebsd-pf/2004-December/000625.html
> http://lists.freebsd.org/pipermail/freebsd-pf/2004-December/000631.html
I'll do the Layer 2 ipfw pfil_hook conversion next when I've finished
the rewrite of TCP reassembly in a few days.
--
Andre
More information about the freebsd-net
mailing list