
RE: PF MAC Filter
As I understand 'The PF + Bridge Caution', it is a risk of tanglefoot: as
packets are going in and out of at least two interfaces, giving four PF
filtering scenarios, it is easy to get it wrong or not get a small bit of it
just right, especially if you are keeping states. The rule of thumb is to
do your keep state on one interface, in one direction, and pass on the
others. Or find a quiet place and think a lot. =) Oh, and randomized sequence
numbers should only be done once if you can.
But if you're in need of the MAC level, well... that happens at the
bridgename.if level and without all the fancy macro stuff that PF has.
Yuck.
-discover
-learn
static  -  see brconfig too
Once you get it figured, think about posting to the Wiki.
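
As an added illustration of the rule of thumb above (this is not from any message in the thread), here is a small script for an OpenBSD 3.x transparent PF bridge that keeps state on one bridge member only, uses modulate state on exactly one rule, and pushes the MAC-level filtering down to brconfig. The interface names (fxp0/fxp1), the server's MAC and TEST-NET address, and the choice of rules are all assumptions made for the example; check the brconfig rule syntax against brconfig(8) on your release before relying on it.

```shell
#!/bin/sh
# Added example, not from the thread: PF + bridge with state on one member
# and MAC filtering done by brconfig. Names and addresses below are assumed.
ext_if=fxp0                 # bridge member facing the upstream router (assumed)
int_if=fxp1                 # bridge member facing the LAN (assumed)
srv_mac=00:00:5e:00:53:01   # LAN host that may be reached from outside (constructed)
srv_ip=192.0.2.10           # its address, TEST-NET (constructed)

# Every packet crosses the bridge twice: in on one member, out on the other.
# Filter and keep state on $ext_if only; $int_if passes everything with no
# state, so each connection is stated once and the ISN is modulated once.
pf_rules() {
    cat <<EOF
ext_if = "$ext_if"
int_if = "$int_if"
srv_ip = "$srv_ip"

# inner member: no filtering, no state
pass quick on \$int_if all

# outer member: default deny, all state lives here
block in on \$ext_if all
block out on \$ext_if all

# LAN -> outside; first packet seen on \$ext_if outbound, reply matches state
pass out on \$ext_if proto { tcp udp } all keep state
pass out on \$ext_if inet proto icmp all icmp-type echoreq keep state

# outside -> web server; the only rule that randomizes sequence numbers
pass in on \$ext_if proto tcp from any to \$srv_ip port 80 flags S/SA modulate state
EOF
}

# Layer-2 policy belongs to brconfig, not pf: pin the server's MAC to the
# inner member, stop the cache learning from the outside, and only let
# frames from the server's MAC enter from the LAN side (a LAN host cannot
# ARP-spoof toward the outside with another source address). Broadcast
# must stay open on the outer member or ARP requests from the router die.
bridge_cmds() {
    cat <<EOF
brconfig bridge0 add $ext_if add $int_if up
brconfig bridge0 -learn $ext_if
brconfig bridge0 static $int_if $srv_mac
brconfig bridge0 rule pass in on $int_if src $srv_mac
brconfig bridge0 rule block in on $int_if
brconfig bridge0 rule pass in on $ext_if dst $srv_mac
brconfig bridge0 rule pass in on $ext_if dst ff:ff:ff:ff:ff:ff
brconfig bridge0 rule block in on $ext_if
EOF
}

# Load both policies (requires root on the bridge host).
apply() {
    pf_rules > /etc/pf.conf && pfctl -f /etc/pf.conf
    bridge_cmds | sh
}

# ./bridge-fw.sh        prints the generated pf.conf and brconfig commands
# ./bridge-fw.sh apply  loads them
case "${1:-show}" in
    apply) apply ;;
    *) pf_rules; echo; bridge_cmds ;;
esac
```

Run it without arguments first and read the output: the point of generating the rules from one place is that you can see at a glance that `modulate state` occurs exactly once and that nothing on the inner member keeps state.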
-----Original Message-----
From: Sancho2k.net Lists [mailto:lists@sancho2k.net]
Sent: Wednesday, February 26, 2003 7:19 PM
To: Laurent Cheylus
Cc: pf@benzedrine.cx
Subject: Re: PF MAC Filter
Laurent Cheylus wrote:
> Shawn Mitchell <shawnm@iodamedia.net> wrote :
> 
> 
>>Is it possible to specify a MAC Address filter?
> 
> 
> Yes, with transparent firewalling (bridge mode) : see FAQ 6.10
> http://www.openbsd.org/faq/faq6.html#Bridge
> 
> Do you block some nasty attacks with ARP: ARP spoofing with tools like Hunt or
> Arp-sk?
> 
> Be careful with bridge mode: a good configuration is difficult and may be a
> source of problems.
> 
> Foxy.
> 
Do you (or anyone else) mind commenting on what those problems might be?
I'm running a bridging firewall here at home and am curious what to
look/watch for.
TIA,
Darren Spruell