Using pf.conf with public access points.

Jason Hellenthal jhellenthal at dataix.net
Mon Mar 10 18:56:56 UTC 2014 

I nearly forgot all about that feature thank you for the reminder.

-- 
 Jason Hellenthal
 Voice: 95.30.17.6/616
 JJH48-ARIN

> On Mar 10, 2014, at 10:20, Ermal Luçi <eri at freebsd.org> wrote:
> 
> Usually pf(4) does support having dynamic ips inside its ruleset.
> For example just putting the interface name as address or putting $iface:0 for first address etc...
> 
> Take a look an man page of pf.conf and search for the string 'Interface names and interface group names can'
> 
> 
>> On Sun, Mar 9, 2014 at 11:27 PM, Jason Hellenthal <jhellenthal at dataix.net> wrote:
>> You'll want to not use up addresses in your pf.conf
>> 
>> Block on default and then open up by definition of ports instead. Forget the whole IPAddr thing and treat this as a roaming client firewall.
>> 
>> 
>> --
>>  Jason Hellenthal
>>  Voice: 95.30.17.6/616
>>  JJH48-ARIN
>> 
>> > On Mar 9, 2014, at 19:18, John-Mark Gurney <jmg at funkthat.com> wrote:
>> >
>> > Joe Nosay wrote this message on Sun, Mar 09, 2014 at 15:36 -0400:
>> >> 2. How do I compensate for the use of public access points when the IP
>> >> addresses will always be different?
>> >
>> > it doesn't appear that pf has this ability, but it looks like ipfw
>> > has this, from ipfw(8):
>> >             me      matches any IP address configured on an interface in the
>> >                     system.
>> >
>> > So, maybe switching to ipfw might be an option..
>> >
>> > --
>> >  John-Mark Gurney                Voice: +1 415 225 5579
>> >
>> >     "All that I will do, has been done, All that I have, has not."
>> > _______________________________________________
>> > freebsd-net at freebsd.org mailing list
>> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> > To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
> 
> 
> 
> -- 
> Ermal
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6118 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20140310/751a7882/attachment.bin>

More information about the freebsd-net mailing list