Please go in detail about this issue on why you would need to filter layer 2.
I see very little benefit to having the ability to filter on layer 2 except in some very special cases and IPv6 isn't one of them that I'm aware of. Best regards, Richard Gallamore On Fri, Jul 10, 2020 at 10:57 AM <l.m.v.br...@xs4all.nl> wrote: > Hello, > > I am using pfSense, build on top of pf. And of course pfSense/pf is a > terrific firewall, however the world is changing in the direction of IPV6 > and that leads to new issues and related new requirements. > > One of the major issues is that IPV6 does not provide a stable source > address you can use to filter in your firewall. > > Many firewalls “out there” are *using the level-2 mac as a way around this > issue*. � However ….. pfSense cannot provide that functionality, since it > is built on top of …… pf. > > Tja, and then there is a “striking” issue ….. suppose that pfSense would > have been built on top of OpenBSD, still using pf ………. That had been > possible ……. > > So as user I would be very pleased if there could be a joined “pf-release” > having *best of both worlds* !!!! > > Assume we were running OpenBSD …… things like � � > > step-1: ifconfig bridge0 rule pass in on fxp0 src <mac-address> tag > <sometag> > step-2: And then in pf.conf: pass in on fxp0 tagged <sometag> (policy > based rule) > > would have been an option, …. not saying it is the best option ….. > �better option would be if pf could set the tag itself > > Whatever please consider adding this functionality to pf preferable on > short term, since IPV6 is fast becoming very important! > > Sincerely, > > � > > Louis > > PS … should I raise an feature request for this? > > � > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org" > _______________________________________________ freebsd-pf@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
