From owner-freebsd-current@FreeBSD.ORG Sat Apr 24 05:04:48 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 12FC516A4CE for ; Sat, 24 Apr 2004 05:04:48 -0700 (PDT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.173]) by mx1.FreeBSD.org (Postfix) with ESMTP id BE2C843D5D for ; Sat, 24 Apr 2004 05:04:47 -0700 (PDT) (envelope-from max@love2party.net) Received: from [212.227.126.155] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1BHLtm-000824-00; Sat, 24 Apr 2004 14:04:46 +0200 Received: from [217.227.152.81] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1BHLtm-0007NM-00; Sat, 24 Apr 2004 14:04:46 +0200 From: Max Laier To: freebsd-current@freebsd.org Date: Sat, 24 Apr 2004 14:05:48 +0000 User-Agent: KMail/1.6.1 References: <20040424095157.GA1311@profi.kharkov.ua> In-Reply-To: <20040424095157.GA1311@profi.kharkov.ua> MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_ERniAUwTHWjB1UZ"; charset="koi8-r" Content-Transfer-Encoding: 7bit Message-Id: <200404241405.57150.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:e28873fbe4dbe612ce62ab869898ff08 cc: Gregory Edigarov Subject: Re: pf.conf question X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Apr 2004 12:04:48 -0000 --Boundary-02=_ERniAUwTHWjB1UZ Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Saturday 24 April 2004 09:51, Gregory Edigarov wrote: > Hello! > > Does pf support an interface group definition in its filter rulesets, > i.e. something like "ppp*" or "ppp+"? This functionality comes with OpenBSD 3.5 which will be shipping may, 1st. = We=20 are working on the import already and hope to be ready by that date as well= =2E=20 The benefit of pf's group syntax and implementation of it, is that you will= =20 not have a fnmatch / strncmp call per packet (as is the case for ipfw at th= e=20 moment). The group syntax will also work with on renamed interfaces, i.e.=20 after "ifconfig ppp0 name wan0" pf will still apply "ppp"-rules to the wan0= =20 interface. We might make this behavior optional - not quite sure at the=20 moment as interface renaming is a bit of a new concept and we don't have mu= ch=20 experience with how it is/should be used. http://www.onlamp.com/pub/a/bsd/2004/04/15/pf_developers.html gives a good= =20 overview of the changes made during the last two releases (3.4/3.5) and als= o=20 describes the new interface handling in some detail. =2D-=20 Best regards, | mlaier@freebsd.org Max Laier | ICQ #67774661 http://pf4freebsd.love2party.net/ | mlaier@EFnet --Boundary-02=_ERniAUwTHWjB1UZ Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQBAinREXyyEoT62BG0RAoanAJ9fRvpsrmM2HA7tEHHGKqTUZ+oV5gCfXWu8 RT7+u9HcG0O4M0e2Yg9g/uM= =R1+j -----END PGP SIGNATURE----- --Boundary-02=_ERniAUwTHWjB1UZ--