Date: Wed, 8 May 2024 18:57:17 +0200 From: Dirk-Willem van Gulik <dirkx@webweaving.org> To: FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: IPv6 and IPv4 combined rules in pf.conf Message-ID: <0C18B410-E90B-4295-B09E-43B48F9191A4@webweaving.org>
next in thread | raw e-mail | index | archive | help
For dual stack hosts; with both an IPv4 and IPv6 CIDR that they are listening to - is there a recommended way to setup pf.conf to avoid mistakes/duplication ?
To avoid duplication in constructs such as:
# Foo app servers
foobarserver_host4=231.17.X.Y
foobarserver_host6=fe80::5246:…
# Load balancers - direct or via tun0 in post/fail-back
bar_net=X.Y.Z.Z #
bar_net6=fe80::5246:… #
…
pass in on { tun0, $ext_if } proto udp from $bar_net to $foobarserver_host4 port 2194 keep state
pass in on { tun0, $ext_if } proto udp6 from bar_net6 $var to $foobarserver_host6 port 2194 keep state
Is there some recommended way of doing this in stock FreeBSD ? Or does one usually end up with some sort of macro/generate style solution ?
Dw
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0C18B410-E90B-4295-B09E-43B48F9191A4>