pf: matching untagged traffic

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

pf: matching untagged traffic

Damien Miller
Hi,

Is it possible for pf to match traffic that has not been tagged?
It seems possible to match a tag, or traffic that lacks a particular tag
but I can't see any way to match traffic that has no tag at all?

Any clues?

Context: I'd like to tag at input particular traffic for specific
outbound processing but have a catch-all for everything else.

-d

Reply | Threaded
Open this post in threaded view
|

Re: pf: matching untagged traffic

David Higgs
On Tue, Jul 24, 2018 at 6:15 AM Damien Miller <[hidden email]> wrote:

> Hi,
>
> Is it possible for pf to match traffic that has not been tagged?
> It seems possible to match a tag, or traffic that lacks a particular tag
> but I can't see any way to match traffic that has no tag at all?
>
> Any clues?
>
> Context: I'd like to tag at input particular traffic for specific
> outbound processing but have a catch-all for everything else.


Tag everything CATCHALL to start with, re-tag as you are currently doing,
then process your CATCHALL packets.

—david