From owner-freebsd-questions@FreeBSD.ORG Fri Feb 8 13:38:24 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DB56816A539 for ; Fri, 8 Feb 2008 13:38:24 +0000 (UTC) (envelope-from perrin@apotheon.com) Received: from outbound-mail-03.bluehost.com (outbound-mail-03.bluehost.com [69.89.21.13]) by mx1.freebsd.org (Postfix) with SMTP id 4322913C44B for ; Fri, 8 Feb 2008 13:38:24 +0000 (UTC) (envelope-from perrin@apotheon.com) Received: (qmail 25383 invoked by uid 0); 8 Feb 2008 13:38:23 -0000 Received: from unknown (HELO box183.bluehost.com) (69.89.25.183) by mailproxy1.bluehost.com with SMTP; 8 Feb 2008 13:38:23 -0000 Received: from c-24-9-123-251.hsd1.co.comcast.net ([24.9.123.251] helo=demeter.hydra) by box183.bluehost.com with esmtpa (Exim 4.68) (envelope-from ) id 1JNTQt-0004UH-Lr for freebsd-questions@freebsd.org; Fri, 08 Feb 2008 06:38:23 -0700 Received: by demeter.hydra (sSMTP sendmail emulation); Fri, 8 Feb 2008 06:38:22 -0700 Date: Fri, 8 Feb 2008 06:38:22 -0700 From: Chad Perrin To: FreeBSD Questions Message-ID: <20080208133822.GA46647@demeter.hydra> Mail-Followup-To: FreeBSD Questions Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.3i X-Identified-User: {737:box183.bluehost.com:apotheon:apotheon.com} {sentby:smtp auth 24.9.123.251 authed with perrin@apotheon.com} Subject: pf.conf for variable interfaces X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Feb 2008 13:38:25 -0000 I'm setting up PF on a FreeBSD laptop that sometimes uses the wireless device (iwi0) as its external interface, and sometimes uses the RJ-45 ethernet device (bge0) as its external interface. Unfortunately, I haven't figured out yet how to make that happen. I'd like to be able to have the $ext_if value change depending on which interface is active and being used to connect to the outside world. Do I just need to create two full sets of rules in my pf.conf (or use a script to rewrite that file from scratch each time), even though I'll be using exactly the same rules for PF regardless of which interface I'm using, or is there some simple way to avoid that sort of redundancy? What am I overlooking? -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] Baltasar Gracian: "A wise man gets more from his enemies than a fool from his friends."