Date:      Wed, 8 May 2024 18:57:17 +0200
From:      Dirk-Willem van Gulik <dirkx@webweaving.org>
To:        FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject:   IPv6 and IPv4 combined rules in pf.conf
Message-ID:  <0C18B410-E90B-4295-B09E-43B48F9191A4@webweaving.org>

For dual-stack hosts, with both an IPv4 and IPv6 CIDR that they are listening to - is there a recommended way to set up pf.conf to avoid mistakes/duplication?

To avoid duplication in constructs such as:

	# Foo app servers
	foobarserver_host4=231.17.X.Y
	foobarserver_host6=fe80::5246:…

	# Load balancers  - direct or via tun0 in post/fail-back
	bar_net=X.Y.Z.Z #
	bar_net6=fe80::5246:… #
	…

	pass in on { tun0, $ext_if }  proto udp from $bar_net  to $foobarserver_host4 port 2194 keep state
	pass in on { tun0, $ext_if }  proto udp6 from bar_net6 $var to $foobarserver_host6 port 2194 keep state

Is there some recommended way of doing this in stock FreeBSD? Or does one usually end up with some sort of macro/generate style solution?

Dw
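
One way to collapse the two per-family rules above into a single rule using only stock pf list macros, as an added example that is not part of the original message. The addresses are constructed values from the documentation ranges, and `em0`, `foobarserver_hosts` and `bar_nets` are assumed names.

```conf
# Added example, not from the original message.
# Addresses are constructed (RFC 5737 / RFC 3849 documentation ranges).

ext_if = "em0"                          # assumed external interface name

# Foo app servers: keep one macro per family, then combine them in a list.
foobarserver_host4 = "192.0.2.10"
foobarserver_host6 = "2001:db8:0:1::10"
# Macros are not expanded inside quotes, so the braces are quoted separately.
foobarserver_hosts = "{" $foobarserver_host4 $foobarserver_host6 "}"

# Load balancers, same pattern.
bar_net  = "198.51.100.0/24"
bar_net6 = "2001:db8:0:2::/64"
bar_nets = "{" $bar_net $bar_net6 "}"

# One rule covers both families. pfctl expands the lists into one rule per
# combination and skips combinations whose source and destination address
# families differ, so no IPv4-to-IPv6 rule is produced.
# The protocol is plain "udp"; the address family is taken from the
# addresses, or can be pinned with the "inet" / "inet6" keywords.
pass in on { tun0, $ext_if } proto udp \
	from $bar_nets to $foobarserver_hosts port 2194 keep state
```

Running `pfctl -nvf /etc/pf.conf` parses the file without loading it and prints the expanded per-family rules, which makes a family that was left out of one of the lists easy to spot.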