mzozd <[EMAIL PROTECTED]> writes:

> we were thinking of patching PF to filter on encapsulated traffic (pppoe
> in particular).

I may be missing something important (extremely low caffeine levels at the moment), but filtering pppoe on the TCP/IP level is already quite doable without patching. You simply filter on the tun interface (usually tun0, but of course you may have more than one).

For bridging, look into the brconfig and bridgename.if manpages - the bridge plus pf combination is quite flexible.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
