Does ipfw support interface groups?

Luigi Rizzo rizzo at iet.unipi.it
Thu May 21 16:36:55 UTC 2009


On Thu, May 21, 2009 at 08:49:30AM -0700, Freddie Cash wrote:
> On Thu, May 21, 2009 at 8:01 AM, Luigi Rizzo <rizzo at iet.unipi.it> wrote:
> > On Thu, May 21, 2009 at 04:20:48PM +0200, Ermal Luçi wrote:
> >> can ipfw use somehow interface groups as pf(4) can?
> >> From a quick glance at documentation and not so thorough look at code
> >> it does not but I am sending this just if I missed something during my
> >> search!
> >
> > something like
> >     ... { recv ed0 or recv xl1 or recv ath4 or recv vlan0 } ...
> > is perhaps not so nice but does the job.
> 
> Seriously??!!
> 
> Luigi, you just made my day.  :)  Writing duplicate sets of rules for
> multi-homed firewalls where the only thing that's different is the
> incoming interface has been a pain ...

you can always put multiple rules that check the variant part
and skipto the common one

	ipfw add 100 skipto 2000 in recv xl1
	ipfw add 100 skipto 2000 in recv bge0
	...
	ipfw add 100 count // interface not recognised
	ipfw add 2000 ...  // do the common part

cheers
luigi
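
A small generator for the skipto layout described above, as an added example that is not part of the original message. The function name `emit_group_rules` is hypothetical; it validates every argument before printing anything, prints the commands rather than running them, and ends with `deny in` instead of `count`, because a `count` rule lets packets from other interfaces continue on to the next rule. The body-less `deny in` form is assumed to be accepted the same way as the body-less `skipto` rules in the message.

```shell
#!/bin/sh
# Added example: emulate an interface group with per-interface skipto rules.
# Commands are printed, not executed, so the ruleset can be reviewed first.

# emit_group_rules CHECK_RULE COMMON_RULE IFACE...
#   CHECK_RULE  - rule number shared by the per-interface checks
#   COMMON_RULE - rule number where the common rules start
emit_group_rules() {
    [ "$#" -ge 3 ] || { echo "usage: emit_group_rules CHECK COMMON IFACE..." >&2; return 1; }
    check=$1
    common=$2
    shift 2

    # Validate everything up front so a bad argument never yields a partial ruleset.
    for v in "$check" "$common"; do
        case "$v" in
            ''|*[!0-9]*) echo "rule number must be numeric: $v" >&2; return 1 ;;
        esac
    done
    # skipto only jumps forward, so the checks must precede the common block.
    [ "$check" -lt "$common" ] || { echo "checks must precede the common block" >&2; return 1; }
    for ifc in "$@"; do
        # Plain interface names only, so a list entry cannot add extra
        # ipfw keywords or shell syntax to the generated command.
        case "$ifc" in
            ''|*[!a-zA-Z0-9_.]*) echo "bad interface name: $ifc" >&2; return 1 ;;
        esac
    done

    for ifc in "$@"; do
        echo "ipfw add $check skipto $common in recv $ifc"
    done
    # Inbound packets from any interface outside the group stop here
    # instead of falling through into the common rules.
    echo "ipfw add $check deny in // interface not in group"
}

# Constructed sample: the two interfaces named in the message.
emit_group_rules 100 2000 xl1 bge0
```

Outbound packets do not match `in` and still reach the common block, so the rules placed at the common number need their own direction checks.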

