-ray wrote:
> How do you block by mac address in pf? At layer 3, not in the bridge
> utils (at layer 2). Just seems more convenient to do it in pf.

hmm. A MAC address is, by definition, layer 2. That said, if the machine running pf is acting as a bridge, it can be done to a certain degree. See: http://www.openbsd.org/faq/pf/tagging.html

> In iptables you can MARK packets, and make decisions based on the mark
> later in the ruleset. Possible in pf?

above link explains this concept as well. rules can also have labels which is handy for sorting logs, stats gathering and review, etc.

> In iptables, you can create new chains and jump to those chains very
> early in the ruleset, significantly reducing the number of linear rule
> traversals. Does pf have the concept of chains?

no chains. but similar manipulations can be done. you would just do it a bit differently in pf. review docs for tables, lists and macros.

> ray

--
Scott Harney
"Asking the wrong questions is the leading cause of wrong answers"
gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
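
An added example, not part of the original message: a pf.conf sketch of the approach the reply points to, where the bridge tags frames by source MAC and pf then decides on the tag, with a table, a list, macros and labels standing in for iptables-style marks and chains. It assumes current OpenBSD syntax; the interface names, MAC address, tag names, table contents and addresses are all constructed, and the bridge rule is an ifconfig command, so it appears only as a comment.

```pf
# Constructed example. Run once on the bridge host (shell, not pf.conf) so
# that frames from this source MAC arrive in pf already tagged:
#   ifconfig bridge0 rule pass in on fxp0 src 0:de:ad:be:ef:0 tag BADMAC

# Macros (assumed names and values)
int_if      = "fxp0"
ext_if      = "fxp1"
lan_net     = "10.0.0.0/24"
admin_ports = "{ 22, 443 }"          # a list, expanded into one rule per port

# A table is a single lookup however many addresses it holds, which removes
# the long linear runs of per-address rules that chains are used to skip.
table <blocked> persist { 192.0.2.0/24, 198.51.100.7 }

# Default deny, logged
block log all

# Layer 2 decision, enforced in pf: drop anything the bridge tagged.
# "quick" stops evaluation here, so no later rule can re-tag or pass it.
block in quick on $int_if tagged BADMAC label "mac-blocked"

# Table-based drop on the outside interface
block in quick on $ext_if from <blocked> label "blocked-table"

# Classify once on the way in (the equivalent of iptables MARK) ...
pass in on $int_if proto tcp from $lan_net to any port $admin_ports \
    tag LAN_OK label "lan-admin"

# ... and make the policy decision later in the ruleset from the tag alone.
pass out on $ext_if tagged LAN_OK label "lan-out"
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it; `pfctl -sl` then shows per-label counters for the rules above.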
