[pf4freebsd] Re: Patch for :broadcast expansion.

Max Laier max at love2party.net
Wed Sep 15 20:53:17 PDT 2004


Hello James,

Thursday, October 2, 2003, 12:51:38 AM, you wrote:
JQ> The expansion of ifname:broadcast, is not useful on systems such as
JQ> jail hosts which have multiple addresses on the same network aliased
JQ> to the interface, ....

This is 100% correct. These macros - same applies to ":network" - are
for plain, default setups. If it comes to aliases or other tricky things
it's the administrator's task to take care of. That said, you may already
see why your patch isn't appropriate for everybody.

JQ> ... since in that case the broadcast macro expands not only to
JQ> the broadcast address but also the addresses of each of the aliased
JQ> host addresses.

Now this is only partly true. The macro expands to all _broadcast_
addresses of the given interface. The /problem/ is, that every alias
gets its own broadcast address, which is a sane choice when one wants
aliases in different nets (with different broadcast addresses).

Your patch does catch one of many exceptions, but it is not a general
solution for all problems with aliases or the ":broadcast" macro in
general. There might be situations where you narrow the broadcast
address for a given interface to /32. Your patch will then expand to
nothing, which is hardly wanted. That is why I doubt it will make its
way into pf. You can however try to convince Daniel & co. to adopt it
(we try not to fork from OpenBSD's behaviour).

Note that the same issues apply to the ":network" macros! Both are for
the plain default, not for every configuration one can think of.

-- 
Best regards,
 Max                            mailto:max at love2party.net
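Added model of the expansion behaviour discussed above (not pf or pfctl code, and not part of the original mail): it mirrors the stated rule that ":broadcast" yields one broadcast address per address configured on the interface, and `patched_expansion` is an assumption of what the proposed patch does, namely dropping any broadcast that is also a host address. The sample interface configurations are constructed.

```python
import ipaddress


def interface_broadcasts(addrs):
    """One broadcast address per address/prefix on the interface, in
    configuration order, as the mail describes ":broadcast" expanding.
    A /32 alias has a broadcast address equal to the address itself,
    which is why jail hosts see their alias addresses in the list."""
    out = []
    for cidr in addrs:
        bcast = str(ipaddress.ip_interface(cidr).network.broadcast_address)
        if bcast not in out:
            out.append(bcast)
    return out


def patched_expansion(addrs):
    """Assumed behaviour of the proposed patch: keep only broadcast
    addresses that are not also a configured host address. On an
    interface narrowed to /32 this leaves nothing, Max's objection."""
    hosts = {str(ipaddress.ip_interface(c).ip) for c in addrs}
    return [b for b in interface_broadcasts(addrs) if b not in hosts]


# Constructed: jail host, primary /24 plus two /32 aliases in the same net
JAIL_HOST = ["192.0.2.10/24", "192.0.2.11/32", "192.0.2.12/32"]
# Constructed: interface whose only address has been narrowed to /32
NARROW_HOST = ["198.51.100.5/32"]
# Constructed: aliases in different nets, each legitimately with its own broadcast
MULTI_NET = ["10.0.0.1/24", "10.0.1.1/24"]

if __name__ == "__main__":
    for name, cfg in (("jail", JAIL_HOST), ("narrow", NARROW_HOST), ("multi", MULTI_NET)):
        print(name, interface_broadcasts(cfg), patched_expansion(cfg))
```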