Date: Tue, 26 Jun 2018 08:32:09 +0200
From: "Kristof Provost" <kristof@sigsegv.be>
To: "Joseph Ward" <jbwlists@hilltopgroup.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: "egress" group
Message-ID: <19CD2668-9ADC-47A5-865F-7CA93732D11C@sigsegv.be>
In-Reply-To: <1822764a-e237-ddd3-639d-62fd01b2bbdc@hilltopgroup.com>
References: <1822764a-e237-ddd3-639d-62fd01b2bbdc@hilltopgroup.com>

On 25 Jun 2018, at 22:12, Joseph Ward wrote:
> My current pf.conf contains the following lines (with a lot of other
> stuff redacted for irrelevance):
>
> ext_if="em0"
> ...
> block log all
> pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep state
>
>
> and it works great; ssh is able to get in.  However, when I change
> "$ext_if" to "egress", it no longer works.  From the various
> documentation I've found online, egress should automatically be the
> interface which has the default route, and netstat -rn gives me:
>

‘egress’ exists in OpenBSD’s pf, but not in FreeBSD.

> My goal is for this pf.conf to be able to be used on multiple systems
> which unfortunately have different network cards, so the interface
> names are different.  If "egress" isn't going to work, is there another
> way to accomplish that goal?
>

You could rename your network card (ifconfig em0 name foo).
That’d let you hide the difference from pf (but you’d have to cope with
it in /etc/rc.conf).

Regards,
Kristof
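
The rename approach from the reply, as an added example that is not part of the original message: a per-host sh helper that finds the interface holding the default route (what the poster expected "egress" to resolve to) and prints the rc.conf line that renames it. The name wan0, the function names and the sample netstat output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed: the name "wan0" and the
# FreeBSD `netstat -rn` layout with a "Netif" column in the header row.
STABLE_NAME="wan0"    # hypothetical fixed name for the shared pf.conf

# Constructed sample of `netstat -rn -f inet` output (documentation addresses).
sample_netstat() {
cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.0.2.1          UGS         em0
127.0.0.1          link#2             UH          lo0
192.0.2.0/24       link#1             U           em0
EOF
}

# Read netstat output on stdin; print the interface holding the default route.
# The Netif column is located from the header row, not hard-coded.
default_route_if() {
    awk '
        $1 == "Destination" { for (i = 1; i <= NF; i++) if ($i == "Netif") col = i; next }
        $1 == "default" && col { print $col; exit }
    '
}

# Print the rc.conf line that renames that interface at boot.
# rc.conf is sourced by sh as root, so refuse any name that is not a plain
# identifier rather than writing it into the file.
rename_lines() {
    nic=$(default_route_if)
    case "$nic" in
        ""|*[!A-Za-z0-9_]*) return 1 ;;
        "$STABLE_NAME")     return 0 ;;   # already renamed, nothing to do
    esac
    printf 'ifconfig_%s_name="%s"\n' "$nic" "$STABLE_NAME"
}

# On a real host: netstat -rn -f inet | rename_lines
sample_netstat | rename_lines    # prints: ifconfig_em0_name="wan0"
```

Any existing `ifconfig_em0="..."` line in /etc/rc.conf then has to be given under the new name (`ifconfig_wan0="..."`), and the shared pf.conf sets `ext_if="wan0"` on every host.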