pf has marking methods; if you read the pf manual it tells you how. They also have rules for not continuing down the list of rules.
http://www.openbsd.org/faq/pf/

If I wanted to block by MAC I would use ipfw in BSD.

> A few questions for the BSD users. All you Linux losers just delete
> this, haha :)
> (http://www.forbes.com/intelligentinfrastructure/2005/06/16/linux-bsd-unix-cz_dl_0616theo.html)
>
> We use iptables a lot. I was talking with one of my student interns,
> who has a preference for BSD, and I (naively) told him 'sure, pf can
> do anything iptables can do'. A few things we ran into:
>
> How do you block by MAC address in pf? At layer 3, not in the bridge
> utils (at layer 2). Just seems more convenient to do it in pf.
>
> In iptables you can MARK packets, and make decisions based on the mark
> later in the ruleset. Possible in pf?
>
> In iptables, you can create new chains and jump to those chains very
> early in the ruleset, significantly reducing the number of linear rule
> traversals. Does pf have the concept of chains?
>
> ray
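The two pf features the reply points to, packet tagging and the `quick` keyword, as an added pf.conf sketch that is not part of the original thread. The interface names, the table name and the tag name are assumptions chosen for illustration.

```pf
# Added example pf.conf fragment; em0/em1, <badhosts> and LAN_OK are assumed names.
ext_if = "em0"          # assumed external interface
int_if = "em1"          # assumed internal interface

table <badhosts> persist

# Default deny. Without "quick", pf keeps evaluating and the LAST
# matching rule decides, so this rule only applies if nothing below matches.
block all

# "quick" stops rule evaluation at the first match: packets from
# <badhosts> are dropped here and never reach the rules below.
block in quick on $ext_if from <badhosts>

# Mark packets as they enter from the internal network. This plays the
# role of iptables MARK: the tag stays with the packet while it
# traverses the rest of the ruleset and other interfaces.
pass in on $int_if from $int_if:network tag LAN_OK keep state

# Policy decision made later, based only on the mark set above.
pass out quick on $ext_if tagged LAN_OK keep state
```

The file can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.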
