multiple loginterface

Greg Hennessy Greg.Hennessy at
Wed Mar 9 09:48:04 UTC 2011

As long as PF is enabled and you haven't done a 'set skip on interface'. 

Putting block log all' at the start of the policy will catch everything hitting the default deny and adding 'log' to the access rules will record everything else. 

If you're using the platform as a multihomed firewall, it may make life simpler to grant the egress interfaces access by default, and put security policy enforcement on the ingress interface. 



> -----Original Message-----
> From: Michael [mailto:mlmichael70 at]
> Sent: 09 March 2011 9:41 AM
> To: Greg Hennessy
> Cc: freebsd-pf at
> Subject: Re: multiple loginterface
> On 09/03/2011 09:29, Greg Hennessy wrote:
> > What's the likely use case ? Jails ?
> >
> I was thinking about something else, please correct me if I'm wrong. I'm using
> two interfaces to get online on a regular basis, one is gsm and another one is
> wifi.
> I want to monitor both of them at any given time so I thought I need multiple
> loginterfaces?
> Michael

More information about the freebsd-pf mailing list