PF Ethernet filtering

I'm trying to add ethernet filtering rules to my pf(4) ruleset, but I'm struggling to specify a layer 2 protocol (ethertype) properly. The rules are in the right place in the file (following the Options section, before the Traffic Normalization section).

pf.conf(5) says:
proto <protocol>
This rule applies only to packets of this protocol. Note that Ethernet protocol numbers are different from those used in ip(4) and ip6(4).
This implies we should specify a protocol by its number, however using the hex number doesn't work:

Code:
[root@router ~] # grep 0x886 /etc/pf.conf
pass quick on igb5.911 proto 0x8863
pass quick on igb5.911 proto 0x8864

[root@router ~] # pfctl -nf /etc/pf.conf
/etc/pf.conf:50: unknown protocol 0x8863
/etc/pf.conf:51: unknown protocol 0x8864

(Ethertypes 0x8863 and 0x8864 are PPPoE Discovery and PPPoE Session.)

I've tried converting the hex values to decimal, and omitting the '0x' then pf complains "protocol outside range". Enclosing the value in quotes gives me "unknown protocol".

I can't find any mapping of layer 2 protocol numbers to names, like layer 3 (protocols(5)) and layer 4 (services(5)) have.

Anyone know what the correct protocol specification format is?
 
Ethernet rules always start with `ether`.
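
As an added illustration (not part of the reply above), here is how the two PPPoE rules from the question look once they carry the `ether` keyword. The interface name igb5.911 and the EtherTypes are taken from the question; the trailing catch-all block rule is an assumption about what the poster wants on a PPPoE-only VLAN, not something the thread states:

```pf
# Ethernet (layer 2) rules belong after the Options section and before
# Traffic Normalization.  Every layer 2 rule starts with "ether"; without
# that keyword pfctl parses "proto 0x8863" as an ip(4) protocol and fails.
#
# EtherTypes may be written as hex (with the 0x prefix) or as decimal:
#   0x8863 = 34915  PPPoE Discovery
#   0x8864 = 34916  PPPoE Session
ether pass quick on igb5.911 proto 0x8863
ether pass quick on igb5.911 proto 0x8864

# Assumption: nothing but PPPoE should appear on this VLAN, so drop every
# other frame at layer 2.  Frames passed by the rules above still continue
# to the normal IP ruleset, so layer 3/4 filtering is unaffected.
ether block quick on igb5.911
```

Check the result with `pfctl -nf /etc/pf.conf` (parse only, no load) before applying it; a rule that was parsed as an IP rule by mistake shows up as the "unknown protocol" or "protocol outside range" errors seen in the question.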

Oh, I'm an idiot. In fairness, the "ETHERNET FILTERING" section of pf.conf(5) neglects to mention that. It's only in the "GRAMMAR" section at the end of the man page that it's made clear.

I had assumed that the mandatory ordering of sections in pf.conf distinguished ethernet rules from IP rules.
 