ng_tag and pf?
Max Laier
max at love2party.net
Tue Apr 17 18:20:53 UTC 2007
On Tuesday 17 April 2007 19:25, Bill Marquette wrote:
> Is it possible to use ng_tag in conjunction with pf? I have a setup
> in OpenBSD currently where I use the bridge interface to apply a tag
> to a packet based on the mac address so that when pf gets the packet
> it can apply a reply-to rule to it to keep traffic flows symmetric
> (the upstream device(s) also keep state, so the reply path has to be
> the same). I'm looking to duplicate this in FreeBSD with pf and I
> think ng_tag and maybe ng_bpf can make this happen, but I'm at a bit
> of a loss as to how at this point. Any pointers or at least a "yes
> it's absolutely possible, figure it out and let us know the exact
> config" answer would be very much appreciated. Thanks
Not at the moment. I put out a project idea to integrate pf with netgraph
some while ago (as I don't have time to code it myself). There were two
applications for the Google Summer of Code program to implement this, but
neither were selected. However, another student who did apply for SoC as
well and was (slightly) outranked with his original proposal is now
pursueing this idea. He plans to work within similar bounds as the other
SoC-students.
To sum this up, stay tuned from something to happen. Ideas, feedback and
feature requests are certainly welcome.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20070417/8177ae19/attachment.pgp
More information about the freebsd-pf
mailing list