Date: Tue, 14 Aug 2007 17:13:23 -0700
From: "Jon Simola"
To: freebsd-pf@freebsd.org
Subject: Re: pfctl -i

On 8/14/07, Toomas Pelberg wrote:
> pfctl man page says:
>
> -i interface
>         Restrict the operation to the given interface.
>
> ..what exactly is meant under the word "operation" ?

This would be one of those things that is obvious once you've seen an
example and thought about it for a while.

$sudo pfctl -si |grep -A1 State
State Table                          Total             Rate
  current entries                    34056
$sudo pfctl -i vlan170 -ss |wc -l
    1172

In this case, only show states bound to the vlan170 interface.

> My problem: I want to load a different ruleset for each interface
> ( jails ) and not care about what's in the ruleset as long as it doesn't
> affect anything outside the jail ( which is bound to a specific ip on a
> separate interface )

You probably want to look into anchors.

-- 
Jon
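
The anchor approach suggested in the reply could look like the following. This is an added example, not part of the original message; vlan171, the anchor names and the file paths are assumptions, and only vlan170 comes from the post.

```conf
# /etc/pf.conf -- main ruleset (constructed example)
# vlan170 is the interface named in the post; vlan171, the anchor names
# and the file paths below are assumptions made for illustration.

block log all

# An anchor rule with "on <interface>" is evaluated only for packets
# crossing that interface, so rules loaded into the anchor never see
# traffic on any other interface.
anchor "jail_a" on vlan170
anchor "jail_b" on vlan171

# /etc/pf.jail_a.conf -- rules for one jail, loaded into its anchor:
#   pass in  on vlan170 proto tcp from any to any port 80 keep state
#   pass out on vlan170 keep state

# Load, inspect and flush one anchor without touching the main ruleset
# or the other jail's anchor:
#   pfctl -a jail_a -f /etc/pf.jail_a.conf
#   pfctl -a jail_a -sr
#   pfctl -a jail_a -F rules
```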