So you can't use 'tagged' here. I think from the pf point of
view it wouldn't make too much sense anyway, because rdr happens
before anything else -- so there actually can't exist any rule
which would have already tagged the packet.
In a bridge a packet can be tagged before it reaches pf,
Hi,
We have a pair of 3.5-current PF boxes doing traffic shaping and CARP.
One client has a large bandwidth ceiling. They're currently well
below the limit; activity on the switch shows that they're pushing
about 15Mb in and 15Mb out. With a limit of 64Mb, I would expect all
traffic to go
* Danilo Kempf [EMAIL PROTECTED] [2004-10-12 10:36]:
Andy Wettstein wrote:
I think a rule like this would work:
rdr on $wireless_if proto tcp tagged ! WIFI from any to any \
port www -> ($wireless_if)
but I get a syntax error when I try to load the ruleset.
So I wonder if I
On Tue, Oct 12, 2004 at 11:31:40AM +0200, Henning Brauer wrote:
sure it can, from bridge or another interface.
I basically just forgot tagged on rdr/nat rules. maybe i find a
little time after that other pf diff is out of my tree... should be
trivial to add.
sounds great. In the
I've searched a fair bit and started some research into the pf code
looking for a way to identify packets at the application layer.
I believe that the functionality (just some simple text searching
inside the packet payload) would have to be inserted inside
pf_test_tcp() using a functional block