Date: Tue, 14 Aug 2007 17:13:23 -0700
From: "Jon Simola" <jsimola@gmail.com>
To: freebsd-pf@freebsd.org
Subject: Re: pfctl -i
Message-ID: <8eea04080708141713w2e485fe2t49ff909304561fb5@mail.gmail.com>
In-Reply-To: <1187128008.64655.9.camel@detalem.kicks-ass.net>
References: <1187128008.64655.9.camel@detalem.kicks-ass.net>

On 8/14/07, Toomas Pelberg <toomas@detalem.cq.hk> wrote:
> pfctl man page says:
>
>      -i interface
>              Restrict the operation to the given interface.
>
> ..what exactly is meant under the word "operation" ?

This would be one of those things that is obvious once you've seen an
example and thought about it for a while.

$sudo pfctl -si |grep -A1 State
State Table                          Total             Rate
  current entries                    34056
$sudo pfctl -i vlan170 -ss |wc -l
    1172

In this case, only show states bound to the vlan170 interface.

> My problem: I want to load a different ruleset for each interface
> ( jails ) and not care about what's in the ruleset as long as it doesn't
> affect anything outside the jail ( which is bound to a specific ip on a
> separate interface )

You probably want to look into anchors.

--
Jon