Correct way to configure an IP range for firewall

Maxim Khitrov mkhitrov at
Thu Sep 10 12:19:01 UTC 2009

On Wed, Sep 9, 2009 at 3:03 PM, Matthew
Seaman<m.seaman at> wrote:
> Maxim Khitrov wrote:
>> Am I correct in assuming that I just need to add four
>> ifconfig_vr0_alias[0-3] lines to rc.conf? What happens if in the
>> future we get a much bigger IP block, is there a more efficient way of
>> accomplishing the same thing? I don't actually want the firewall to
>> consider itself the final destination for any of the additional IPs,
>> it just needs to pass them to pf for nat and filtering.
> Assuming your assigned network is
> ipv4_addrs_vr0=""
> See rc.conf(5) for details.
>        Cheers,
>        Matthew

Thanks! I looked through /etc/defaults/rc.conf and somehow missed
ipv4_addrs. So if I understand the man page correctly, a single
ipv4_addrs_vr0="x.x.x.9-13/29" line can replace both the aliases and
the one ifconfig_vr0 line. Is that correct? I'm not certain because
the man page states that "an ifconfig_<interface> variable is also
assumed to exist for each value of interface," but everything seems to
be working fine without it.

- Max

More information about the freebsd-questions mailing list