Re: What do you think about PF filtering for encapsulated protocols(e.g pppoe) ?

mzozd <[email protected]> writes:
> we were thinking of patching PF to filter on encapsulated traffic (pppoe
> in particular). 
I may be missing something important (extremely low caffeine levels at
the moment), but filtering pppoe on the TCP/IP level is already quite
doable without patching.  You simply filter on the tun interface
(usually tun0, but of course you may have more than one).  For bridging,
look into the brconfig and bridgename.if manpages - the bridge plus pf
combination is quite flexible.

Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"