From owner-freebsd-ipfw@FreeBSD.ORG  Thu May 21 16:36:40 2009
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id DD05B1065692
	for <freebsd-ipfw@freebsd.org>; Thu, 21 May 2009 16:36:40 +0000 (UTC)
	(envelope-from luigi@onelab2.iet.unipi.it)
Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.9.129])
	by mx1.freebsd.org (Postfix) with ESMTP id 59DD08FC16
	for <freebsd-ipfw@freebsd.org>; Thu, 21 May 2009 16:36:37 +0000 (UTC)
	(envelope-from luigi@onelab2.iet.unipi.it)
Received: by onelab2.iet.unipi.it (Postfix, from userid 275)
	id 1499873098; Thu, 21 May 2009 18:42:25 +0200 (CEST)
Date: Thu, 21 May 2009 18:42:25 +0200
From: Luigi Rizzo <rizzo@iet.unipi.it>
To: Freddie Cash <fjwcash@gmail.com>
Message-ID: <20090521164225.GB50606@onelab2.iet.unipi.it>
References: <9a542da30905210720y50fafe59ld3459c9e76ef5824@mail.gmail.com>
	<20090521150113.GA47160@onelab2.iet.unipi.it>
	<b269bc570905210849s202084d2h15e991683d1b112b@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <b269bc570905210849s202084d2h15e991683d1b112b@mail.gmail.com>
User-Agent: Mutt/1.4.2.3i
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Does ipfw support interface groups?
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 21 May 2009 16:36:55 -0000

On Thu, May 21, 2009 at 08:49:30AM -0700, Freddie Cash wrote:
> On Thu, May 21, 2009 at 8:01 AM, Luigi Rizzo <rizzo@iet.unipi.it> wrote:
> > On Thu, May 21, 2009 at 04:20:48PM +0200, Ermal Lu?i wrote:
> >> can ipfw use somehow interface groups as pf(4) can?
> >> From a quick glance at documentation and not so through look at code
> >> it does not but i am sending this just if i missed something during my
> >> search!
> >
> > something like
> > ?? ?? ?? ??... { recv ed0 or recv xl1 or recv ath4 or recv vlan0 } ...
> > is perhaps not so nice but does the job.
> 
> Seriously??!!
> 
> Luigi, you just made my day.  :)  Writing duplicate sets of rules for
> multi-homed firewalls where the only thing that's different is the
> incoming interface has been a pain ...

you can always put multiple rules that check the variant part
and skipto the common one

	ipfw add 100 skipto 2000 in recv xl1
	ipfw add 100 skipto 2000 in recv bge0
	...
	ipfw add 100 count // interface not recognised
	ipfw add 2000 ...  // do the common part

cheers
luigi