I'd say it would probably be a cheaper solution to just code the l2 filtering into pf but would be more of a benefit to you and everyone else to do it on HEAD if its not already there. I believe HEAD uses pf4.5.
-- Jason Hellenthal IS&T Services Professional Inbox: jhellent...@dataix.net JJH48-ARIN On May 11, 2013, at 2:52, Nomad Esst <noname.e...@yahoo.com> wrote: > > As for 8-STABLE this functionality is not available. > > > I'm not tracking 9-* so someone else will have to answer for that. > > > But as far as L2 filtering on the bridge... > > > You will probably want ipfw instead as on 8-* were using pf4.3¿ which on > FreeBSD is L3, & L4 filtering only. > > > If you are looking for a BSD solution for filtering only and your concern > is mainly based on using pf, I will sadly say you should lean on OpenBSD > unless something changes or you are willing > to use access lists on your > switches. > > So bad!!! I'm thinking of developing some utility that do the MAC address > filtering and then send them to PF, so PF can decide about them, whether to > pass or drop them away. Do you have any ieads about that? > > > Now if your concern is mainly wireless the if_wlan interface is capable of > > its own l2 filtering but nothing like pf. > > > Good luck & best packeting, > > > -- > > Jason Hellenthal > > IS&T Services Professional > > Inbox: jhellent...@dataix.net > > JJH48-ARIN > _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
