"egress" group
Kristof Provost
kristof at sigsegv.be
Tue Jun 26 06:32:14 UTC 2018
On 25 Jun 2018, at 22:12, Joseph Ward wrote:
> My current pf.conf contains the following lines (with a lot of other
> stuff redacted for irrelevance):
>
> ext_if="em0"
> ...
> block log all
> pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep state
>
>
> and it works great; ssh is able to get in. However, when I change
> "$ext_if" to "egress", it no longer works. From the various
> documentation I've found online, egress should automatically be the
> interface which has the default route, and netstat -rn gives me:
>
‘egress’ exists in OpenBSD’s pf, but not in FreeBSD.
> My goal is for this pf.conf to be able to be used on multiple systems
> which unfortunately have different network cards, so the interface names
> are different. If "egress" isn't going to work, is there another way to
> accomplish that goal?
>
You could rename your network card (ifconfig em0 name foo). That’d let
you hide the difference from pf (but you’d have to cope with it in
/etc/rc.conf).
Regards,
Kristof
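
Added example, not part of the original message: a shell sketch of the rename approach that finds the interface carrying the default route and rewrites an rc.conf fragment so the rename persists across reboots. The name `ext0`, both function names and the sample `route`/rc.conf text are constructed assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample of `route -n get default` output on FreeBSD.
SAMPLE_ROUTE='   route to: default
destination: default
       mask: default
    gateway: 192.0.2.1
  interface: em0
      flags: <UP,GATEWAY,DONE,STATIC>'

# Constructed sample rc.conf fragment.
SAMPLE_RC='hostname="fw1.example.org"
ifconfig_em0="DHCP"
ifconfig_em0_ipv6="inet6 accept_rtadv"
ifconfig_em1="inet 10.0.0.1/24"
pf_enable="YES"'

# Print the interface that carries the default route.
# Reads `route -n get default` output on stdin; fails if none is listed.
default_route_if() {
    awk '$1 == "interface:" { print $2; found = 1; exit }
         END { exit !found }'
}

# Rewrite rc.conf (stdin -> stdout): add the rename line and move every
# ifconfig_<old>... setting to the new name, leaving other NICs untouched.
rename_in_rc_conf() {
    old=$1 new=$2
    for n in "$old" "$new"; do
        case $n in
            ''|*[!A-Za-z0-9_]*)
                echo "bad interface name: $n" >&2; return 1 ;;
        esac
    done
    printf 'ifconfig_%s_name="%s"\n' "$old" "$new"
    # [=_] keeps em0 from also matching em01, em0x, ...
    sed "s/^ifconfig_${old}\([=_]\)/ifconfig_${new}\1/"
}

# Demo on the constructed samples. On a live host, feed the first
# function with: route -n get default | default_route_if
ext=$(printf '%s\n' "$SAMPLE_ROUTE" | default_route_if) || exit 1
printf '%s\n' "$SAMPLE_RC" | rename_in_rc_conf "$ext" ext0
echo '# pf.conf on every host can then use: ext_if="ext0"'
```

The per-host difference then lives only in the `ifconfig_<nic>_name` line of /etc/rc.conf, and the same pf.conf can be copied to every machine.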