[Bug 237973] pf: implement egress keyword to simplify rules across different hardware
Date: Mon, 01 Aug 2022 07:36:13 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237973

--- Comment #11 from Goran Mekić <meka@tilda.center> ---
(In reply to Zhenlei Huang from comment #10)

It is complex and I just started learning about the routing implementation in the kernel, so this patch is far from perfect, but let me give some of the answers:

1. Until we have group per FIB and not group per interface, we can't do better, unless we already have groups per FIB?
2. That issue is present on OpenBSD and yet they still have egress. I didn't dive into egress edge cases on that operating system, but I assume they have this problem, too.
3. People already can set groups on their interfaces, so that is covered.

My point is that egress is not universally usable. You can always imagine a case where egress is not actually what you want in your pf.conf. That being said, I would argue that the egress implementation helps until you get to complex network setups in which deeper understanding is assumed, hence it's assumed that the network administrators responsible for it know how they should configure their pf.conf. In short, I think there are more people who can use egress than those who can't, so I still think this is useful (not in its current state, of course).