Date:      Wed, 14 Apr 2021 16:16:54 +0200
From:      Peter Ankerstål <peter@pean.org>
To:        "stable@freebsd.org" <stable@FreeBSD.org>
Subject:   using interface groups in pf tables stopped working in 13.0-RELEASE
Message-ID:  <431C3D85-C754-4E1C-94E0-333DE254F0AC@pean.org>

In pf I use the interface group syntax a lot to make the configuration more readable. All interfaces are assigned to a group representing its use/vlan name.

For example:

ifconfig_igb1_102="172.22.0.1/24 group iot description 'iot vlan' up"
ifconfig_igb1_102_ipv6="inet6 2001:470:de59:22::1/64"

ifconfig_igb1_300="172.26.0.1/24 group mgmt description 'mgmt vlan' up"
ifconfig_igb1_300_ipv6="inet6 2001:470:de59:26::1/64"

In pf.conf I use these group names all over the place. But since I upgraded to 13.0-RELEASE it no longer works to define a table using the :network syntax and interface groups:

table   <nat_addresses> const { trusted:network mgmt:network dmz:network guest:network edmz:network \
        admin:network iot:network client:network }

If I reload the configuration I get the following:
# pfctl -f /etc/pf.conf
/etc/pf.conf:12: cannot create address buffer: Invalid argument
pfctl: Syntax error in config file: pf rules not loaded

I have tried to use just one network, double check the interface group setting and so on, but with no luck.

Using the actual interface works just fine:

table   <nat_addresses> { igb1.300:network }

but using the group fails:

# ifconfig -g mgmt
igb1.300

table   <nat_addresses> { mgmt:network }

# pfctl -f /etc/pf.conf
/etc/pf.conf:12: cannot create address buffer: Invalid argument
pfctl: Syntax error in config file: pf rules not loaded

Any ideas?

Thanks!

/Peter.
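
A workaround sketch built on the message's observation that a member interface (igb1.300:network) loads where the group name (mgmt:network) fails; this is an added example, not part of the original message. It expands each group with `ifconfig -g` and prints a table line that names the member interfaces. The function names and the IFCONFIG override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original message.
# IFCONFIG is an assumed override hook so the group lookup can be stubbed;
# by default the real ifconfig(8) is used, as in "ifconfig -g mgmt" above.
: "${IFCONFIG:=ifconfig}"

# group_networks GROUP
# Print "<member>:network" for every interface in GROUP, one per line.
# Returns 1 when the group has no members, so an empty table is never
# generated silently.
group_networks() {
    members=$($IFCONFIG -g "$1" 2>/dev/null) || return 1
    [ -n "$members" ] || return 1
    for ifname in $members; do
        printf '%s:network\n' "$ifname"
    done
}

# pf_table_for_groups TABLE GROUP...
# Print a pf.conf table line built from member interfaces instead of
# interface group names.
pf_table_for_groups() {
    table=$1; shift
    entries=""
    for group in "$@"; do
        nets=$(group_networks "$group") || {
            echo "group '$group' has no member interfaces" >&2
            return 1
        }
        for n in $nets; do
            # Skip duplicates: an interface may belong to several groups.
            case " $entries " in
                *" $n "*) ;;
                *) entries="$entries $n" ;;
            esac
        done
    done
    printf 'table <%s> const {%s }\n' "$table" "$entries"
}

# Usage (on the firewall host):
#   pf_table_for_groups nat_addresses mgmt iot
```

The generated line is a snapshot of group membership at the time it is produced, so it has to be regenerated when interfaces join or leave a group. Parsing the result with `pfctl -nf /etc/pf.conf` before loading avoids the "pf rules not loaded" state shown above.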


