pf.conf for variable interfaces

[Matthew Seaman]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Chad Perrin wrote:
> I'm setting up PF on a FreeBSD laptop that sometimes uses the wireless
> device (iwi0) as its external interface, and sometimes uses the RJ-45
> ethernet device (bge0) as its external interface.  Unfortunately, I
> haven't figured out yet how to make that happen.
> 
> I'd like to be able to have the $ext_if value change depending on which
> interface is active and being used to connect to the outside world.  Do I
> just need to create two full sets of rules in my pf.conf (or use a script
> to rewrite that file from scratch each time), even though I'll be using
> exactly the same rules for PF regardless of which interface I'm using, or
> is there some simple way to avoid that sort of redundancy?  What am I
> overlooking?
> 

You might be able to use link aggregation to make this work.  See lagg(4)
- -- there's an example in there of automatic fail-over between a wireless
and a wired interface.  Assuming that your wireless and wired interfaces
would all sit on the same network and you can move the IP from one to the
other, it should work.

In pf.conf you'ld need to set:

  ext_if="(lagg0)' 

(The brackets are important if the IP is dynamically assigned and could
change)

Completely untried, but I think this should work.

	Cheers,

	Matthew

- -- 
Dr Matthew J Seaman MA, D.Phil.                       Flat 3
                                                      7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW, UK
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHrGBn3jDkPpsZ+VYRA3UDAKCVRiDc08UWXwe10W0UYpg01hchgACfdFeh
XyqzAidCAgAut5tOtgryUi8=
=FDYK
-----END PGP SIGNATURE-----