From owner-freebsd-pf@freebsd.org  Tue Jun 26 08:07:21 2018
Return-Path: <owner-freebsd-pf@freebsd.org>
Delivered-To: freebsd-pf@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 78F10101897E
 for <freebsd-pf@mailman.ysv.freebsd.org>; Tue, 26 Jun 2018 08:07:21 +0000 (UTC)
 (envelope-from patrick@davenulle.org)
Received: from sender-of-o52.zoho.com (sender-of-o52.zoho.com [135.84.80.217])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 093AD856BC
 for <freebsd-pf@freebsd.org>; Tue, 26 Jun 2018 08:07:20 +0000 (UTC)
 (envelope-from patrick@davenulle.org)
Received: from mr185083 (mr185083.univ-rennes1.fr [129.20.185.83]) by
 mx.zohomail.com with SMTPS id 1530000422651887.3266947071393;
 Tue, 26 Jun 2018 01:07:02 -0700 (PDT)
Date: Tue, 26 Jun 2018 10:06:58 +0200
From: Patrick Lamaiziere <patrick@davenulle.org>
To: Joseph Ward <jbwlists@hilltopgroup.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: "egress" group
Message-ID: <20180626100658.2f758bdc@mr185083>
In-Reply-To: <1822764a-e237-ddd3-639d-62fd01b2bbdc@hilltopgroup.com>
References: <1822764a-e237-ddd3-639d-62fd01b2bbdc@hilltopgroup.com>
X-Mailer: Claws Mail 3.15.1 (GTK+ 2.24.31; amd64-portbld-freebsd11.0)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-ZohoMailClient: External
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jun 2018 08:07:21 -0000

Le Mon, 25 Jun 2018 16:12:49 -0400,
Joseph Ward <jbwlists@hilltopgroup.com> a =C3=A9crit :

Hello,

> My goal is for this pf.conf to be able to be used on multiple systems
> which unfortunately have different network cards, so the interface
> names are different.=C2=A0 If "egress" isn't going to work, is there
> another way to accomplish that goal?

You can use some interface groups.
ifconfig_ix0=3D"inet 192.168.20.251/24 group CARPDEV group IFFOO"

then in pf.conf use the groups
pass in on IFFOO ...

or
pass quick on CARPDEV proto carp keep state (no-sync)

There are several restrictions, you can't use group interface in
pf rules "set skip" and on nat/route-to rules. And the name of a group
cannot end by a number (IFFOO1 -> invalid)

But that's work fine, we use groups a lot here.

Regards