"egress" group
Patrick Lamaiziere
patrick at davenulle.org
Tue Jun 26 08:07:21 UTC 2018
On Mon, 25 Jun 2018 16:12:49 -0400,
Joseph Ward <jbwlists at hilltopgroup.com> wrote:
Hello,
> My goal is for this pf.conf to be able to be used on multiple systems
> which unfortunately have different network cards, so the interface
> names are different. If "egress" isn't going to work, is there
> another way to accomplish that goal?
You can use some interface groups.
ifconfig_ix0="inet 192.168.20.251/24 group CARPDEV group IFFOO"
then in pf.conf use the groups
pass in on IFFOO ...
or
pass quick on CARPDEV proto carp keep state (no-sync)
There are several restrictions: you can't use an interface group in
pf "set skip" rules or in nat/route-to rules. And the name of a group
cannot end with a number (IFFOO1 -> invalid).
But that works fine; we use groups a lot here.
Regards