Fwd: ng_tag and pf?
- From: "Bill Marquette" <bill.marquette@xxxxxxxxx>
- Date: Tue, 17 Apr 2007 13:00:29 -0500
Forwarding to -net to get a larger audience. Any help would be
appreciated. Thanks
--Bill
---------- Forwarded message ----------
From: Bill Marquette <bill.marquette@xxxxxxxxx>
Date: Apr 17, 2007 12:25 PM
Subject: ng_tag and pf?
To: "freebsd-pf@xxxxxxxxxxx" <freebsd-pf@xxxxxxxxxxx>
Is it possible to use ng_tag in conjunction with pf? I have a setup
in OpenBSD currently where I use the bridge interface to apply a tag
to a packet based on the MAC address so that when pf gets the packet
it can apply a reply-to rule to it to keep traffic flows symmetric
(the upstream device(s) also keep state, so the reply path has to be
the same). I'm looking to duplicate this in FreeBSD with pf and I
think ng_tag and maybe ng_bpf can make this happen, but I'm at a bit
of a loss as to how at this point. Any pointers or at least a "yes
it's absolutely possible, figure it out and let us know the exact
config" answer would be very much appreciated. Thanks
--Bill
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"