Rule doubt
Max Laier
max at love2party.net
Thu Sep 27 11:53:07 PDT 2007
On Thursday 27 September 2007, David Verzolla wrote:
> Hi All,
> Its possible creates a rule that can match all the traffic designated
> to an specific interface?
>
> Example:
>
> pass in on $vlan10 from <vlan10> to (the interface, not the address)
> $ext_if
I'm not 100% sure what you are after here. The from/to part always takes
an address as argument. You can use the "($ext_if)" syntax to
dynamically fill in all addresses that are configured on the interface at
the moment of evaluation, but you can't directly influence routing
decisions. That means you can't write a single rule that says "traffic
from $vlan10 must only go to $ext_if". In order to do this, you should
take a look at tagging.
> The $ext_if:network doesn't works for me.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part.
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20070927/713ff767/attachment.pgp
More information about the freebsd-pf
mailing list