Date: Sat, 24 Apr 2004 14:05:48 +0000 From: Max Laier <max@love2party.net> To: freebsd-current@freebsd.org Cc: Gregory Edigarov <greg@profi.kharkov.ua> Subject: Re: pf.conf question Message-ID: <200404241405.57150.max@love2party.net> In-Reply-To: <20040424095157.GA1311@profi.kharkov.ua> References: <20040424095157.GA1311@profi.kharkov.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Saturday 24 April 2004 09:51, Gregory Edigarov wrote: > Hello! > > Does pf support an interface group definition in its filter rulesets, > i.e. something like "ppp*" or "ppp+"? This functionality comes with OpenBSD 3.5 which will be shipping may, 1st. We are working on the import already and hope to be ready by that date as well. The benefit of pf's group syntax and implementation of it, is that you will not have a fnmatch / strncmp call per packet (as is the case for ipfw at the moment). The group syntax will also work with on renamed interfaces, i.e. after "ifconfig ppp0 name wan0" pf will still apply "ppp"-rules to the wan0 interface. We might make this behavior optional - not quite sure at the moment as interface renaming is a bit of a new concept and we don't have much experience with how it is/should be used. http://www.onlamp.com/pub/a/bsd/2004/04/15/pf_developers.html gives a good overview of the changes made during the last two releases (3.4/3.5) and also describes the new interface handling in some detail. -- Best regards, | mlaier@freebsd.org Max Laier | ICQ #67774661 http://pf4freebsd.love2party.net/ | mlaier@EFnet [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQBAinREXyyEoT62BG0RAoanAJ9fRvpsrmM2HA7tEHHGKqTUZ+oV5gCfXWu8 RT7+u9HcG0O4M0e2Yg9g/uM= =R1+j -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200404241405.57150.max>