Date:      Mon, 25 Jun 2018 16:12:49 -0400
From:      Joseph Ward <jbwlists@hilltopgroup.com>
To:        freebsd-pf@freebsd.org
Subject:   "egress" group
Message-ID:  <1822764a-e237-ddd3-639d-62fd01b2bbdc@hilltopgroup.com>

My current pf.conf contains the following lines (with a lot of other
stuff redacted for irrelevance):

ext_if="em0"
...
block log all
pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep state


and it works great; ssh is able to get in.  However, when I change
"$ext_if" to "egress", it no longer works.  From the various
documentation I've found online, egress should automatically be the
interface which has the default route, and netstat -rn gives me:

Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.6.1        UGS         em0


Am I missing something? 

My goal is for this pf.conf to be able to be used on multiple systems
which unfortunately have different network cards, so the interface names
are different.  If "egress" isn't going to work, is there another way to
accomplish that goal?


Thanks,

Joseph Ward



