after some private mails...

* Peter Fraser <[EMAIL PROTECTED]> [2005-11-20 21:30]:
> I was trying out the interface groups of pf 3.8, I was surprised to
> get a syntax error with:
>
> pass out quick proto { tcp udp }
> from egress to any port domain flags S/SA keep state

as said before, I initially forgot the code for static expansion. this
is in -current for some time now tho.

> which seems to use "self" in this case as an undefined interface
> group, I would have expected that "self" would have been implemented
> as an interface group of all the interfaces on the computer.

it is, and happens to work just fine :)

> pf is very unhappy if you use:
>
> set loginterface egress
>
> After this statement I could not get pf to work again unless I rebooted.

this has been confirmed to be an operator error. while you cannot set
loginterface to a group (yet, at least), it does _not_ leave pf in a
non-working state or the like.

> also it is not obvious to me what happens when you use:
>
> antispoof quick for Inside
>
> where "Inside" is an interface group containing several interfaces. I
> expect that antispoof only works as a group, rather than on each
> interface individually

as said - see for yourself. need -current due to above mentioned missing
static expansion, then see with

    echo "antispoof for Inside" | pfctl -nvf -

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)