From owner-freebsd-questions@FreeBSD.ORG Sat Feb 9 14:22:44 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7620316A41A for ; Sat, 9 Feb 2008 14:22:44 +0000 (UTC) (envelope-from perrin@apotheon.com) Received: from outbound-mail-31.bluehost.com (outbound-mail-31.bluehost.com [69.89.18.151]) by mx1.freebsd.org (Postfix) with SMTP id 5036913C44B for ; Sat, 9 Feb 2008 14:22:44 +0000 (UTC) (envelope-from perrin@apotheon.com) Received: (qmail 32362 invoked by uid 0); 9 Feb 2008 14:22:43 -0000 Received: from unknown (HELO box183.bluehost.com) (69.89.25.183) by mailproxy2.bluehost.com with SMTP; 9 Feb 2008 14:22:43 -0000 Received: from c-24-9-123-251.hsd1.co.comcast.net ([24.9.123.251] helo=demeter.hydra) by box183.bluehost.com with esmtpa (Exim 4.68) (envelope-from ) id 1JNqbL-0003bb-PP for freebsd-questions@freebsd.org; Sat, 09 Feb 2008 07:22:43 -0700 Received: by demeter.hydra (sSMTP sendmail emulation); Sat, 9 Feb 2008 07:22:42 -0700 Date: Sat, 9 Feb 2008 07:22:42 -0700 From: Chad Perrin To: FreeBSD Questions Message-ID: <20080209142242.GA50808@demeter.hydra> Mail-Followup-To: FreeBSD Questions References: <20080208133822.GA46647@demeter.hydra> <47AC5EE3.1010003@locolomo.org> <20080208221154.GB47822@demeter.hydra> <47AD829E.904@locolomo.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <47AD829E.904@locolomo.org> User-Agent: Mutt/1.4.2.3i X-Identified-User: {737:box183.bluehost.com:apotheon:apotheon.com} {sentby:smtp auth 24.9.123.251 authed with perrin@apotheon.com} Subject: Re: pf.conf for variable interfaces X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Feb 2008 14:22:44 -0000 On Sat, Feb 09, 2008 at 11:38:22AM +0100, Erik Norgaard wrote: > Chad Perrin wrote: > >>How about this: > >> > >>ext_ifs = "{" iwi0 bge0 "}" > >>block in quick on ext_ifs all > >>pass out quick on ext_ifs all keep state > >>... > >> > >> > >>As long as you don't need statements like iwi0:network which you > >>shouldn't on an endpoint, then I guess this will work. > > > >Thanks. That looks like the answer I wanted. I don't know why I can't > >find any documentation that offers an example of this. Maybe I'm losing > >my Google mojo. > > how about man pages? ;-) > > man pf.conf is a really good reference. Yeah, I looked through that one. I didn't read every single word, but I spent quite a bit of time on it without finding what I was looking for. The only thing I've found there (now that I know what the solution looks like in advance) that might have given me a clear hint is this line: all_ifs = "{" $ext_if lo0 "}" . . . so thanks for the not-much-help after the fact. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] Baltasar Gracian: "A wise man gets more from his enemies than a fool from his friends."