"egress" group

Joseph Ward jbwlists at hilltopgroup.com
Tue Jun 26 14:10:36 UTC 2018


Thank you; I didn't even realize I could rename the interface.  Part of
the install script already has to deal with the varying interface names
for rc.conf, so I'll just change the name there.

The other suggestion, about adding the cards to a group would be about
the same effort, but since I do have nat/rdr rules which are referencing
the external interface it seems the groups wouldn't work, so renaming it is.

Thanks again!

-Joseph


On 06/26/2018 02:32, Kristof Provost wrote:
>
> On 25 Jun 2018, at 22:12, Joseph Ward wrote:
>
>     My current pf.conf contains the following lines (with a lot of other
>     stuff redacted for irrelevance):
>
>     ext_if="em0"
>     ...
>     block log all
>     pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep state
>
>
>     and it works great; ssh is able to get in.  However, when I change
>     "$ext_if" to "egress", it no longer works.  From the various
>     documentation I've found online, egress should automatically be the
>     interface which has the default route, and netstat -rn gives me:
>
> ‘egress’ exists in OpenBSD’s pf, but not in FreeBSD.
>
>     My goal is for this pf.conf to be able to be used on multiple systems
>     which unfortunately have different network cards, so the interface
>     names are different.  If "egress" isn't going to work, is there
>     another way to accomplish that goal?
>
> You could rename your network card (ifconfig em0 name foo). That’d let
> you hide the difference from pf (but you’d have to cope with it in
> /etc/rc.conf)
>
> Regards,
> Kristof
>
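As an added example (not code from the thread or from FreeBSD itself), this sketches the install-script piece Joseph describes: find the interface that holds the default route from `netstat -rn` output and emit the rc.conf lines that rename it to a fixed name, so pf.conf can keep a constant `ext_if`. The fixed name `ext0`, the sample route table and the function names are assumptions; the rename is done with rc.conf's `ifconfig_<ifn>_name` rather than a live `ifconfig em0 name` so it survives reboot.

```shell
#!/bin/sh
# Added example: derive the "egress" interface (the one carrying the default
# route) and produce rc.conf lines that rename it to a fixed name.

# Constructed sample of FreeBSD `netstat -rn` output, embedded so the script
# runs offline; on a real host you would capture `netstat -rn` instead.
SAMPLE_ROUTES='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.0.2.1          UGS         em0
127.0.0.1          link#2             UH          lo0
192.0.2.0/24       link#1             U           em0
192.0.2.10         link#1             UHS         lo0'

# default_route_if: print the Netif column of the first "default" route
# found in the netstat -rn text passed as $1 (empty output if none).
default_route_if() {
    printf '%s\n' "$1" | awk '$1 == "default" { print $4; exit }'
}

# rc_conf_rename: print rc.conf lines that rename interface $1 to $2 and
# attach the address configuration $3 (e.g. DHCP) to the new name, since
# rc(8) configures the interface under its renamed identity.
rc_conf_rename() {
    old=$1; new=$2; cfg=$3
    printf 'ifconfig_%s_name="%s"\n' "$old" "$new"
    printf 'ifconfig_%s="%s"\n' "$new" "$cfg"
}

# Stand-alone run: show what would be appended to /etc/rc.conf for the
# sample table; pf.conf can then use ext_if="ext0" unchanged everywhere.
if [ "${0##*/}" != "sh" ]; then
    ifn=$(default_route_if "$SAMPLE_ROUTES")
    [ -n "$ifn" ] && rc_conf_rename "$ifn" ext0 DHCP
fi
```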


