Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 8 Feb 2008 08:46:57 -0500
From:      Derek Buttineau <derek@csolve.net>
To:        Chad Perrin <perrin@apotheon.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: pf.conf for variable interfaces
Message-ID:  <1EA6DA21-64D4-41CF-9A1B-9A961C0B489E@csolve.net>
In-Reply-To: <20080208133822.GA46647@demeter.hydra>
References:  <20080208133822.GA46647@demeter.hydra>

next in thread | previous in thread | raw e-mail | index | archive | help

On 2008-Feb-08, at 8:38 AM, Chad Perrin wrote:

> I'm setting up PF on a FreeBSD laptop that sometimes uses the wireless
> device (iwi0) as its external interface, and sometimes uses the RJ-45
> ethernet device (bge0) as its external interface.  Unfortunately, I
> haven't figured out yet how to make that happen.
>
> I'd like to be able to have the $ext_if value change depending on  
> which
> interface is active and being used to connect to the outside world.   
> Do I
> just need to create two full sets of rules in my pf.conf (or use a  
> script
> to rewrite that file from scratch each time), even though I'll be  
> using
> exactly the same rules for PF regardless of which interface I'm  
> using, or
> is there some simple way to avoid that sort of redundancy?  What am I
> overlooking?
>


You can add a macro that will apply rules to both interfaces  
simultaneously.  i.e.

lan_if = "bge0"
wi_if = "iwi0"

ext_if = "{" lan_if wi_if "}"

block in on $ext_if all

I know it's not dynamically updating but should suffice.

--
Regards,

Derek Buttineau
Internet Systems Developer
Compu-SOLVE Internet Services
Compu-SOLVE Technologies, Inc

Phone:  705-725-1212 x255
E-Mail:  derek@csolve.net





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1EA6DA21-64D4-41CF-9A1B-9A961C0B489E>