Date: Thu, 27 Sep 2007 20:52:49 +0200
From: Max Laier <max@love2party.net>
To: freebsd-pf@freebsd.org
Subject: Re: Rule doubt
Message-ID: <200709272052.59861.max@love2party.net>
In-Reply-To: <94CADB570ACCB0418E8236C8F24BD95C015FB50B@VIRTUALEXCHANGE.corp.com>
References: <94CADB570ACCB0418E8236C8F24BD95C015FB50B@VIRTUALEXCHANGE.corp.com>

On Thursday 27 September 2007, David Verzolla wrote:
> Hi All,
> Is it possible to create a rule that can match all the traffic designated
> to a specific interface?
>
> Example:
>
> pass in on $vlan10 from <vlan10> to (the interface, not the address)
> $ext_if

I'm not 100% sure what you are after here. The from/to part always takes
an address as argument. You can use the "($ext_if)" syntax to
dynamically fill in all addresses that are configured on the interface at
the moment of evaluation, but you can't directly influence routing
decisions. That means you can't write a single rule that says "traffic
from $vlan10 must only go to $ext_if". In order to do this, you should
take a look at tagging.

> The $ext_if:network doesn't work for me.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
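
Added example, not part of the original message or of either poster's ruleset: a pf.conf sketch of the tagging approach the reply points to, where traffic is tagged as it enters on the VLAN interface and the outbound rules decide on the tag instead of on a destination address. The interface names, the table contents and the tag name VLAN10 are assumptions chosen for illustration.

```pf
# Constructed sample values; replace with the real interfaces and networks.
ext_if = "em0"          # assumed name of the external interface
vlan10 = "vlan10"       # assumed name of the VLAN 10 interface
table <vlan10> { 192.0.2.0/24 }   # constructed example network

# Default deny in both directions.
block all

# Inbound on the VLAN interface: accept traffic from the VLAN 10 hosts and
# mark it. The destination is "any" because pf cannot name an outgoing
# interface in the from/to part; the routing table picks that later.
pass in on $vlan10 from <vlan10> to any tag VLAN10 keep state

# Outbound: packets carrying the tag may leave only through $ext_if.
# "quick" stops evaluation, so no later rule can let them out elsewhere.
block out quick on ! $ext_if from any to any tagged VLAN10
pass out on $ext_if from any to any tagged VLAN10 keep state
```

The rules filter what routing has already decided; they do not steer packets toward $ext_if, so a tagged packet routed to another interface is dropped there rather than redirected.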