Re: What do you think about PF filtering for encapsulated protocols(e.g pppoe) ?

mzozd <[email protected]> writes:
> we were thinking of patching PF to filter on encapsulated traffic (pppoe
> in particular). 
I may be missing something important (extremely low caffeine levels at
the moment), but filtering pppoe on the TCP/IP level is already quite
doable without patching.  You simply filter on the tun interface
(usually tun0, but of course you may have more than one).  For bridging,
look into the brconfig and bridgename.if manpages - the bridge plus pf
combination is quite flexible.
