"egress" group
Joseph Ward
jbwlists at hilltopgroup.com
Mon Jun 25 20:14:58 UTC 2018
My current pf.conf contains the following lines (with a lot of other
stuff redacted for irrelevance):

    ext_if="em0"
    ...
    block log all
    pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep state

and it works great; ssh is able to get in. However, when I change
"$ext_if" to "egress", it no longer works. From the various
documentation I've found online, egress should automatically be the
interface which has the default route, and netstat -rn gives me:

    Routing tables

    Internet:
    Destination        Gateway            Flags     Netif Expire
    default            192.168.6.1        UGS         em0

Am I missing something?

My goal is for this pf.conf to be able to be used on multiple systems
which unfortunately have different network cards, so the interface names
are different. If "egress" isn't going to work, is there another way to
accomplish that goal?

Thanks,
Joseph Ward
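
Added example, not part of the original message: one way to share a single pf.conf across hosts is to resolve the default-route interface from `netstat -rn` output like that quoted above and hand it to pfctl as a macro with `-D`, which overrides the `ext_if` definition in the ruleset. The function names `default_if` and `pf_define` are hypothetical, and the sample text (including the Internet6 rows) is constructed.

```shell
#!/bin/sh
# Constructed sample, modelled on the netstat -rn output quoted in the message.
SAMPLE_NETSTAT='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.6.1        UGS         em0

Internet6:
Destination        Gateway            Flags     Netif Expire
default            fe80::1%em1        UGS         em1'

# default_if (hypothetical helper): read `netstat -rn` text on stdin and
# print the Netif of the IPv4 default route. The Netif column is located
# from the header line instead of being hard-coded, because the set of
# columns differs between releases. Exits non-zero if no route is found.
default_if() {
    awk '
        /^Internet:/  { in4 = 1; next }
        /^Internet6:/ { in4 = 0; next }
        in4 && $1 == "Destination" {
            col = 0
            for (i = 1; i <= NF; i++) if ($i == "Netif") col = i
            next
        }
        in4 && col && $1 == "default" && $col != "" {
            print $col; found = 1; exit
        }
        END { if (!found) exit 1 }
    '
}

# pf_define (hypothetical helper): turn the interface name into a
# macro=value argument for `pfctl -D`, rejecting anything that does not
# look like an interface name before it reaches the firewall loader.
pf_define() {
    ifname=$(default_if) || return 1
    case "$ifname" in
        ''|*[!A-Za-z0-9_.]*) return 1 ;;
    esac
    printf 'ext_if=%s\n' "$ifname"
}

# Usage on a live host (not executed here):
#   pfctl -D "$(netstat -rn | pf_define)" -f /etc/pf.conf
```

If no IPv4 default route is present, both functions return non-zero, so the pfctl call can be skipped and the existing ruleset left loaded.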