kern/164402: [pf] pf crashes with a particular set of rules when
first matching packet arrives
Ermal Luçi
eri at freebsd.org
Tue Apr 17 19:19:51 UTC 2012
On Tue, Apr 17, 2012 at 6:32 PM, Bjoern A. Zeeb
<bzeeb-lists at lists.zabbadoz.net> wrote:
>
> On 17. Apr 2012, at 09:48 , Gleb Smirnoff wrote:
>
>> Replying only on one paragraph, everything else agreed.
>>
>> On Tue, Apr 17, 2012 at 11:33:27AM +0200, Ermal Luçi wrote:
>> E> The only problem I might see is when running more than one firewall
>> E> together but still there are other issues when you do that at pfil(9)
>> E> level.
>>
>> Well, playing with two firewalls was never safe and clear, there will always
>> be edge cases in such setups.
>
> A lot of people have used ipfw to filter L2 MAC addresses etc and pf for everything else in the past. So it certainly is not an edge case.
I know that since pfSense uses that extensively.
But this does not break this case.
It only affects packets going back at IP level.
With ipfw you cannot filter L2 MAC on pfil(9) level AFAIR.
>
> --
> Bjoern A. Zeeb You have to have visions!
> It does not matter how good you are. It matters what good you do!
>
--
Ermal