Date:      Wed, 15 Aug 2007 00:46:48 +0300
From:      Toomas Pelberg <toomas@detalem.cq.hk>
To:        freebsd-pf@freebsd.org
Subject:   pfctl -i
Message-ID:  <1187128008.64655.9.camel@detalem.kicks-ass.net>

pfctl man page says:

-i interface
             Restrict the operation to the given interface.

..what exactly is meant by the word "operation"?

My problem: I want to load a different ruleset for each interface
( jails ) and not care about what's in the ruleset as long as it doesn't
affect anything outside the jail ( which is bound to a specific ip on a
separate interface )

I tried loading pfctl -i lo1 -f test.fire which contained "block quick
all" ..which promptly killed everything :/

And no, it's not about using the loopback interface.. same goes for
"real" interfaces like nve & fxp. Neither does it restrict you from
loading "block quick on another_interface all" and still killing
everything..

OpenBSD seems to act the same, so it's probably not a porting bug.
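The per-jail scoping described above can be expressed in the ruleset itself rather than through the pfctl -i flag. The following is an added example, not part of the original message: the main pf.conf attaches an anchor to the jail's interface, and the jail-specific rules are loaded into that anchor, so pf evaluates them only for packets on that interface. The interface name lo1 and the host interfaces nve0/fxp0 come from the message; the anchor name, the jail address 10.0.0.2, and the file paths are constructed for the example.

```conf
# ---- /etc/pf.conf (constructed example) ----
# Host-side rules stay here. Nothing below touches traffic on nve0/fxp0
# except what is written explicitly for them.
set skip on lo0
pass on { nve0 fxp0 }            # assumption: host uplinks from the message

# The anchor rule is what scopes the jail ruleset: pf only steps into
# the "jail_web" anchor for packets seen on lo1. Rules loaded into the
# anchor cannot match traffic on any other interface.
anchor "jail_web" on lo1

# ---- /etc/pf.jail_web.conf (constructed example, loaded into the anchor) ----
# Macros from the main file are not visible here, so addresses are literal.
# Even an unqualified "block quick all" in this file only affects lo1
# traffic, because the anchor rule above already restricted evaluation.
pass in quick proto tcp to 10.0.0.2 port 80   # constructed jail address
block quick all
```

Load the main ruleset with `pfctl -f /etc/pf.conf` and the jail ruleset into its anchor with `pfctl -a jail_web -f /etc/pf.jail_web.conf`; `pfctl -nf <file>` parses a file without loading it, and `pfctl -a jail_web -sr` shows what the anchor currently holds. Note that a `quick` match inside the anchor still terminates evaluation for that packet, so the order of rules within the anchor file matters.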
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1187128008.64655.9.camel>