Monday, April 14, 2025

pf.conf: definition of macro for multiple interfaces

Hello,

The problem at hand is how to define the macros ext_if and int_if for a system with multiple interfaces.

Neither pf.conf(5) nor "the book of PF" gives a working example where the macro holds more than one name.

This is the only existing example of relevant syntax in pf.conf(5):

> ext_if = "kue0"
> all_ifs = "{" $ext_if lo0 "}"
> pass out on $ext_if from any to any
> pass in on $ext_if proto tcp from any to any port 25

Note that all_ifs is not used, so we do not know whether $all_ifs, <all_ifs> or plain all_ifs is correct.

I also need to know whether the following two options are equivalent from the standpoint of pf:

# option 1

/etc/pf.conf
int_if = "{" ix0 ix1 "}"
ext_if = "em0"

/etc/hostname.ix0
inet 192.168.1.6 255.255.255.0 192.168.1.255
up

/etc/hostname.ix1
inet 192.168.1.7 255.255.255.0 192.168.1.255
up

# option 2

/etc/pf.conf
int_if = "vether0"
ext_if = "em0"

/etc/hostname.vether0
inet 192.168.1.6 255.255.255.0 192.168.1.255

/etc/hostname.bridge0
add ix0
add ix1
add vether0
blocknonip ix0
blocknonip ix1
blocknonip vether0
up

/etc/hostname.ix0
up

/etc/hostname.ix1
up


Thank you.
