Date: Tue, 26 Jun 2018 10:06:58 +0200
From: Patrick Lamaiziere <patrick@davenulle.org>
To: Joseph Ward <jbwlists@hilltopgroup.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: "egress" group
Message-ID: <20180626100658.2f758bdc@mr185083>
In-Reply-To: <1822764a-e237-ddd3-639d-62fd01b2bbdc@hilltopgroup.com>
References: <1822764a-e237-ddd3-639d-62fd01b2bbdc@hilltopgroup.com>

On Mon, 25 Jun 2018 16:12:49 -0400,
Joseph Ward <jbwlists@hilltopgroup.com> wrote:

Hello,

> My goal is for this pf.conf to be able to be used on multiple systems
> which unfortunately have different network cards, so the interface
> names are different.  If "egress" isn't going to work, is there
> another way to accomplish that goal?

You can use some interface groups.

ifconfig_ix0="inet 192.168.20.251/24 group CARPDEV group IFFOO"

then in pf.conf use the groups

pass in on IFFOO ...
or
pass quick on CARPDEV proto carp keep state (no-sync)

There are several restrictions: you can't use an interface group in pf
"set skip" rules or on nat/route-to rules. And the name of a group
cannot end with a number (IFFOO1 -> invalid).

But that works fine, we use groups a lot here.

Regards
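
Added example, not part of the original message or of FreeBSD: a small sh function that reads rc.conf-style ifconfig_* lines and flags any group name ending in a digit, the naming restriction mentioned in the reply above, so a shared pf.conf is not deployed against a group that could never be created. The function name check_groups and the sample lines (hosts with ix0 and em0) are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample: rc.conf lines from two hosts with different NICs.
# The second one uses a group name that ends in a digit.
SAMPLE_RC='ifconfig_ix0="inet 192.168.20.251/24 group CARPDEV group IFFOO"
ifconfig_em0="inet 192.168.20.252/24 group CARPDEV group IFFOO1"
hostname="fw2"'

# check_groups: read rc.conf text on stdin and print
#   <iface> <group> <ok|invalid>
# for every "group NAME" pair found in an ifconfig_* line.
# Exit status is 1 if any group name ends in a digit, else 0.
# The body runs in a subshell so "set -f" does not leak to the caller.
check_groups() (
    set -f                      # no globbing while splitting words
    rc=0
    while IFS= read -r line; do
        case $line in
            ifconfig_*=*) ;;    # only interface configuration lines
            *) continue ;;
        esac
        iface=${line%%=*}
        iface=${iface#ifconfig_}
        value=${line#*=}
        value=${value#\"}       # strip the surrounding double quotes
        value=${value%\"}
        prev=
        for word in $value; do
            if [ "$prev" = group ]; then
                case $word in
                    *[0-9]) echo "$iface $word invalid"; rc=1 ;;
                    *)      echo "$iface $word ok" ;;
                esac
            fi
            prev=$word
        done
    done
    exit "$rc"
)

# Run against the constructed sample.
printf '%s\n' "$SAMPLE_RC" | check_groups || echo "rename the groups marked invalid"
```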