From: Doug Niven
Date: Fri, 10 Feb 2017 14:50:34 -0800
Subject: PF question
To: freebsd-questions@freebsd.org

Hi Folks,

This may be a little off-topic but I know there are some PF experts out there...

The following PF rule successfully blocks out "off campus" traffic to port 22, but it only blocks it if the interface name is "en0".

How can I tweak this so it will block out port 22 for ANY/ALL interfaces on the host, even if I don't know their names?

table { 111.222.0/16, 222.333.0.0/16 } persist
block in proto tcp from any to any port {22}
pass in on en0 proto tcp from to (en0) port {22} flags S/SA keep state

Thanks in advance for your expertise.

Doug
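An interface-independent form of the ruleset in the question, as an added example that is not part of the original post. The table name <campus> and the two networks (documentation ranges) are assumptions, since the post's table name and source did not survive in the archived text.

```pf
# Added example, not the poster's ruleset.
# <campus> is a hypothetical table name; the networks are constructed
# documentation ranges standing in for the real on-campus prefixes.
table <campus> persist { 192.0.2.0/24, 198.51.100.0/24 }

# No "on <interface>" clause: this rule is evaluated for inbound packets
# on every interface, whatever the interfaces are called.
block in proto tcp from any to any port 22

# Interface-bound form from the question, kept for comparison. It opens
# port 22 only for packets arriving on en0 and addressed to en0.
# pass in on en0 proto tcp from <campus> to (en0) port 22 flags S/SA keep state

# Interface-independent form: drop "on en0" and replace "(en0)" with "self".
# PF uses the last matching rule, so on-campus sources are passed and every
# other source stays caught by the block rule above.
# "self" expands to all addresses assigned to all interfaces when the
# ruleset is loaded, so reload the ruleset after an address change.
pass in proto tcp from <campus> to self port 22 flags S/SA keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sr` lists the rules currently loaded, which shows how `self` was expanded.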