Personal firewall with two interfaces
Mark Atkinson
atkin901 at yahoo.com
Tue Dec 9 13:48:21 PST 2008
Leslie Jensen wrote:
> I usually make a change in pf.conf where I change
>
> # ext_if="em0"
> ext_if="rum0"
>
> or vice versa.
>
> My problem is that if the "wrong" interface is active in pf.conf
> there'll be some waiting for ntpd, sshd and bsdstats to time out.
>
> I would like to configure pf so that both interfaces are treated the
> same, only one active interface at a time, but to remove the need for
> a manual change of pf.conf at startup.
>
> Any hints are appreciated.
You should leave your pf.conf alone and rename your interfaces (based on
which one is inserted -- maybe via devd). You could also code something up
in like /etc/rc.d/early.sh to figure out which one is available and rename
it.
for example:
ifconfig msk0 name external
ifconfig xl0 name internal
ifconfig sk0 name wireless
and just leave ext_if="external" in your pf.conf.
--
Mark Atkinson
atkin901 at yahoo.com
(!wired)?(coffee++):(wired);
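
Added example, not part of the original post: one way to script the "figure out which one is available and rename it" step from the reply. The function names, the sample ifconfig output and the assumption that a usable link reports "status: active" (wired) or "status: associated" (wireless) are this example's own; em0 and rum0 are the interfaces from the quoted question.

```shell
#!/bin/sh
# Added example (not from the original post).

# pick_active_if CANDIDATE...
# Reads ifconfig-style output on stdin and prints the first candidate, in
# argument order, whose link status is "active" or "associated".
# Returns non-zero when no candidate has a usable link.
pick_active_if() {
    awk -v want="$*" '
        BEGIN { n = split(want, order, " ") }
        # Interface header line, e.g. "em0: flags=8843<...> mtu 1500"
        $1 ~ /:$/ && $2 ~ /^flags=/ { cur = $1; sub(/:$/, "", cur); next }
        # Indented status line belonging to the current interface
        $1 == "status:" && ($2 == "active" || $2 == "associated") { up[cur] = 1 }
        END {
            for (i = 1; i <= n; i++)
                if (order[i] in up) { print order[i]; exit 0 }
            exit 1
        }'
}

# rename_ext_if CANDIDATE...
# Renames the first candidate with a live link to "external", so pf.conf can
# keep ext_if="external". Does nothing (and fails) when no link is up.
# Not called here: it needs root and a real ifconfig.
rename_ext_if() {
    ifn=$(ifconfig | pick_active_if "$@") || return 1
    ifconfig "$ifn" name external
}

# Constructed sample output (addresses are documentation values).
sample_ifconfig() {
    cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:5e:00:53:01
        media: Ethernet autoselect
        status: no carrier
rum0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
        ether 00:00:5e:00:53:02
        media: IEEE 802.11 Wireless Ethernet autoselect
        status: associated
EOF
}

sample_ifconfig | pick_active_if em0 rum0   # prints rum0
```

The rename has to happen before pf loads its ruleset, for example by calling rename_ext_if em0 rum0 from the early startup script the reply mentions.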