On Tuesday 17 April 2007 19:25, Bill Marquette wrote: > Is it possible to use ng_tag in conjunction with pf? I have a setup > in OpenBSD currently where I use the bridge interface to apply a tag > to a packet based on the mac address so that when pf gets the packet > it can apply a reply-to rule to it to keep traffic flows symmetric > (the upstream device(s) also keep state, so the reply path has to be > the same). I'm looking to duplicate this in FreeBSD with pf and I > think ng_tag and maybe ng_bpf can make this happen, but I'm at a bit > of a loss as to how at this point. Any pointers or at least a "yes > it's absolutely possible, figure it out and let us know the exact > config" answer would be very much appreciated. Thanks
Not at the moment. I put out a project idea to integrate pf with netgraph some while ago (as I don't have time to code it myself). There were two applications for the Google Summer of Code program to implement this, but neither were selected. However, another student who did apply for SoC as well and was (slightly) outranked with his original proposal is now pursueing this idea. He plans to work within similar bounds as the other SoC-students. To sum this up, stay tuned from something to happen. Ideas, feedback and feature requests are certainly welcome. -- /"\ Best regards, | [EMAIL PROTECTED] \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED] / \ ASCII Ribbon Campaign | Against HTML Mail and News
pgp66Hq4G9vCB.pgp
Description: PGP signature
