Hi,
I'm getting a strange output from pfctl that I cannot explain; perhaps
someone lurking on the list has the answer?
When using interface groupnames in my pf.conf, I see the same rule 4
times when doing a pfctl -s rules.
The interface group I'm using has a vlan and a carp member.
Ex.
pass in on groupA from groupA:network to groupB:network tag A_TO_B
Will produce something like this (pfctl -s rules):
...
pass in on groupA inet from 1.2.3.0/24 to 5.6.7.0/24 flags S/SA keep state (pflow) tag A_TO_B
pass in on groupA inet from 1.2.3.0/24 to 5.6.7.0/24 flags S/SA keep state (pflow) tag A_TO_B
pass in on groupA inet from 1.2.3.0/24 to 5.6.7.0/24 flags S/SA keep state (pflow) tag A_TO_B
pass in on groupA inet from 1.2.3.0/24 to 5.6.7.0/24 flags S/SA keep state (pflow) tag A_TO_B
...
Using a single interface (ex. vlan) will only produce one line (as I
expect it to do) in the pfctl -s rules output.
My question is: why is pf making 4 identical rules when using
group names?
--
Kind regards
Brian S. Vangsgaard
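Added example, not from the post or from pf itself: a small model of how pfctl resolves the `:network` modifier at ruleset load time (pf.conf(5): the modifier translates to the network(s) attached to the interface, and an address list expands the rule once per combination). The topology is constructed and assumes the vlan and carp members of each group share one subnet; the model reproduces the count the post reports and shows what a single interface, or members on distinct subnets, would give instead.

```python
import ipaddress
from itertools import product

# Constructed sample topology (not from the post): each group has a vlan and a
# carp member, and both members of a group sit on the same subnet.
IFACE_ADDRS = {
    "vlan10": "1.2.3.1/24",
    "carp10": "1.2.3.2/24",
    "vlan20": "5.6.7.1/24",
    "carp20": "5.6.7.2/24",
}
GROUPS = {"groupA": ["vlan10", "carp10"], "groupB": ["vlan20", "carp20"]}


def networks_of(name, groups=GROUPS, addrs=IFACE_ADDRS):
    """Resolve '<name>:network' to a list of attached networks, one entry per
    member interface address. A group name contributes every member; a plain
    interface name contributes only itself. No de-duplication is done here,
    which is the assumption this model makes about pfctl."""
    members = groups.get(name, [name])
    return [str(ipaddress.ip_interface(addrs[m]).network) for m in members]


def expand_rule(on, src, dst, tag, groups=GROUPS, addrs=IFACE_ADDRS):
    """Expand 'pass in on <on> from <src>:network to <dst>:network tag <tag>'
    into one rule per (source network, destination network) combination,
    i.e. the cross product of the two expanded lists."""
    srcs = networks_of(src, groups, addrs)
    dsts = networks_of(dst, groups, addrs)
    return [
        f"pass in on {on} inet from {s} to {d} flags S/SA keep state tag {tag}"
        for s, d in product(srcs, dsts)
    ]


def duplicate_counts(rules):
    """Count identical rule lines, the same check one would run over
    'pfctl -s rules' output to spot redundant expansions."""
    counts = {}
    for rule in rules:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, n in duplicate_counts(
            expand_rule("groupA", "groupA", "groupB", "A_TO_B")).items():
        print(f"{n}x {rule}")
```

With members on distinct subnets the same expansion still yields four rules, but four different ones, so the duplicates are an artifact of members sharing a network rather than of the group name itself.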