From owner-freebsd-questions@FreeBSD.ORG  Fri Feb  8 14:03:52 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0CE9C16A419
	for <freebsd-questions@freebsd.org>;
	Fri,  8 Feb 2008 14:03:52 +0000 (UTC)
	(envelope-from derek@csolve.net)
Received: from frodo.csolve.net (frodo.csolve.net [207.164.81.3])
	by mx1.freebsd.org (Postfix) with ESMTP id D9EF213C46A
	for <freebsd-questions@freebsd.org>;
	Fri,  8 Feb 2008 14:03:51 +0000 (UTC)
	(envelope-from derek@csolve.net)
Received: from alpha.csolve.net ([10.10.18.126])
	by frodo.csolve.net with esmtpa (Exim 4.69 (FreeBSD))
	(envelope-from <derek@csolve.net>)
	id 1JNTZB-000FXC-2B; Fri, 08 Feb 2008 08:46:57 -0500
Message-Id: <1EA6DA21-64D4-41CF-9A1B-9A961C0B489E@csolve.net>
From: Derek Buttineau <derek@csolve.net>
To: Chad Perrin <perrin@apotheon.com>
In-Reply-To: <20080208133822.GA46647@demeter.hydra>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v915)
Date: Fri, 8 Feb 2008 08:46:57 -0500
References: <20080208133822.GA46647@demeter.hydra>
X-Mailer: Apple Mail (2.915)
X-Authenticated-Id: derek@csolve.net
Cc: freebsd-questions@freebsd.org
Subject: Re: pf.conf for variable interfaces
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Feb 2008 14:03:52 -0000


On 2008-Feb-08, at 8:38 AM, Chad Perrin wrote:

> I'm setting up PF on a FreeBSD laptop that sometimes uses the wireless
> device (iwi0) as its external interface, and sometimes uses the RJ-45
> ethernet device (bge0) as its external interface.  Unfortunately, I
> haven't figured out yet how to make that happen.
>
> I'd like to be able to have the $ext_if value change depending on  
> which
> interface is active and being used to connect to the outside world.   
> Do I
> just need to create two full sets of rules in my pf.conf (or use a  
> script
> to rewrite that file from scratch each time), even though I'll be  
> using
> exactly the same rules for PF regardless of which interface I'm  
> using, or
> is there some simple way to avoid that sort of redundancy?  What am I
> overlooking?
>


You can add a macro that will apply rules to both interfaces  
simultaneously.  i.e.

lan_if = "bge0"
wi_if = "iwi0"

ext_if = "{" lan_if wi_if "}"

block in on $ext_if all

I know it's not dynamically updating but should suffice.

--
Regards,

Derek Buttineau
Internet Systems Developer
Compu-SOLVE Internet Services
Compu-SOLVE Technologies, Inc

Phone:  705-725-1212 x255
E-Mail:  derek@csolve.net