pf.conf question
Max Laier
max at love2party.net
Sat Apr 24 05:04:48 PDT 2004
On Saturday 24 April 2004 09:51, Gregory Edigarov wrote:
> Hello!
>
> Does pf support an interface group definition in its filter rulesets,
> i.e. something like "ppp*" or "ppp+"?
This functionality comes with OpenBSD 3.5 which will be shipping may, 1st. We
are working on the import already and hope to be ready by that date as well.
The benefit of pf's group syntax and implementation of it, is that you will
not have a fnmatch / strncmp call per packet (as is the case for ipfw at the
moment). The group syntax will also work with on renamed interfaces, i.e.
after "ifconfig ppp0 name wan0" pf will still apply "ppp"-rules to the wan0
interface. We might make this behavior optional - not quite sure at the
moment as interface renaming is a bit of a new concept and we don't have much
experience with how it is/should be used.
http://www.onlamp.com/pub/a/bsd/2004/04/15/pf_developers.html gives a good
overview of the changes made during the last two releases (3.4/3.5) and also
describes the new interface handling in some detail.
--
Best regards, | mlaier at freebsd.org
Max Laier | ICQ #67774661
http://pf4freebsd.love2party.net/ | mlaier at EFnet
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: signature
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20040424/adb6b989/attachment.bin
More information about the freebsd-current
mailing list