Peter N. M. Hansteen wrote:
> mzozd <[EMAIL PROTECTED]> writes:
>
>>we were thinking of patching PF to filter on encapsulated traffic (pppoe
>>in particular).
>
> I may be missing something important (extremely low caffeine levels at
> the moment), but filtering pppoe on the TCP/IP level is already quite
> doable without patching. You simply filter on the tun interface
> (usually tun0, but of course you may have more than one). For bridging,
> look into the brconfig and bridgename.if manpages - the bridge plus pf
> combination is quite flexible.
>

Hello there.

As far as PF is concerned, yes, you may filter your traffic on a tun(4) or pppoe(4) interface. However, you can't add a tun(4) or a pppoe(4) interface to a bridge, for they are point-to-point links. PF is actually filtering on the point-to-point pseudo-interface (a tun(4)/pppoe(4)) and NOT on the ethernet carrier where the transmitted frames are encapsulated in pppoe.

Thanks,
MzOzD
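
The layering described in the message above, as an added example that is not part of the original post and does not model PF itself: it parses a PPPoE session frame (RFC 2516) to show that the Ethernet carrier exposes only ethertype 0x8864, while the IP addresses and ports appear once the PPPoE and PPP headers are stripped, which is the traffic a tun(4)/pppoe(4) interface carries. The frame, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import struct

ETH_P_IPV4 = 0x0800
ETH_P_PPPOE_SESSION = 0x8864  # PPPoE session stage (RFC 2516)
PPP_IPV4 = 0x0021             # PPP protocol number for IPv4

def build_sample_frame():
    """Constructed sample: Ethernet + PPPoE + PPP + IPv4/TCP SYN (checksums left 0)."""
    eth = bytes.fromhex("00112233445566778899aabb") + struct.pack("!H", ETH_P_PPPOE_SESSION)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address("192.0.2.10").packed,
                     ipaddress.IPv4Address("198.51.100.20").packed)
    tcp = struct.pack("!HHIIBBHHH", 40000, 22, 0, 0, 0x50, 0x02, 1024, 0, 0)
    ppp = struct.pack("!H", PPP_IPV4) + ip + tcp
    # PPPoE LENGTH covers the PPP protocol field plus the IP packet
    pppoe = struct.pack("!BBHH", 0x11, 0x00, 0x0001, len(ppp))
    return eth + pppoe + ppp

def carrier_view(frame):
    """What is visible on the Ethernet carrier: an ethertype that is not IP."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    return {"ethertype": ethertype, "is_ip": ethertype == ETH_P_IPV4}

def tunnel_view(frame):
    """What the point-to-point pseudo-interface carries once PPPoE/PPP is stripped."""
    if len(frame) < 22 or carrier_view(frame)["ethertype"] != ETH_P_PPPOE_SESSION:
        raise ValueError("not a PPPoE session frame")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    payload = frame[20:20 + length]
    if ver_type != 0x11 or code != 0x00 or length < 2 or len(payload) != length:
        raise ValueError("malformed PPPoE session header")
    if struct.unpack("!H", payload[:2])[0] != PPP_IPV4:
        raise ValueError("PPP payload is not IPv4 (e.g. LCP/IPCP control traffic)")
    ip = payload[2:]
    if len(ip) < 20:
        raise ValueError("truncated IP header")
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl + 4:
        raise ValueError("truncated IP packet")
    # Port fields are meaningful for TCP/UDP only; the sample is TCP (proto 6)
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return {"session_id": session_id, "proto": ip[9],
            "src": str(ipaddress.IPv4Address(ip[12:16])),
            "dst": str(ipaddress.IPv4Address(ip[16:20])),
            "sport": sport, "dport": dport}

if __name__ == "__main__":
    frame = build_sample_frame()
    print("carrier:", carrier_view(frame))
    print("tunnel: ", tunnel_view(frame))
```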