Date:      Mon, 01 Aug 2022 07:36:13 +0000
From:      bugzilla-noreply@freebsd.org
To:        net@FreeBSD.org
Subject:   [Bug 237973] pf: implement egress keyword to simplify rules across different hardware
Message-ID:  <bug-237973-7501-HSKmiat6zG@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-237973-7501@https.bugs.freebsd.org/bugzilla/>
References:  <bug-237973-7501@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237973

--- Comment #11 from Goran Mekić <meka@tilda.center> ---
(In reply to Zhenlei Huang from comment #10)
It is complex and I just started learning about routing implementation in
kernel, so this patch is far from perfect, but let me give some of the answers:

1. Until we have group per FIB and not group per interface, we can't do better,
unless we already have groups per FIB?
2. That issue is present on OpenBSD and yet they still have egress. I didn't
dive into egress edge cases on that operating system, but I assume they have
this problem, too.
3. People already can set groups on their interfaces, so that is covered.

My point is that egress is not universally usable. You can always imagine a
case where egress is not actually what you want in your pf.conf. That being
said, I would argue that egress implementation helps until you get to complex
network setups in which deeper understanding is assumed, hence it's assumed
that network administrators responsible for it know how they should configure
their pf.conf. In short I think there are more people who can use egress than
those who can't, so I still think this is useful (not in current state, of
course).

-- 
You are receiving this mail because:
You are the assignee for the bug.


