On 2/13/06, Ray Lai <[EMAIL PROTECTED]> wrote:
...
> In this example ifconfig(8) shows that I have groups ``lo'' and
> ``egress'', so in the pf.conf you can stick an interface group
> (almost?) anywhere you can stick an interface. (Actually there's
> a missing interface group in this example: ``enc''. I'm not sure
> if it's a bug in ifconfig(8).) You can also add your own groups
> using ifconfig(8).
>
> pf.conf(5) doesn't describe interface groups, but you can find a
> description in ifconfig(8) under ``group''.
fascinating. Seems like I could do away with macros for interface
names in pf.conf- create groups with my symbolic names for the various
links and use those instead. Then pf.conf doesn't have to change when
NICs change, just the hostname.if files (which have to change anyway.)
Though I fiddle with my pf.conf far more often than I replace NICs.
Now, can one use a group name to set up a pool? eg:
rdr on $ext_if proto tcp from any to any port 80 { httpd_ifs_group } round-robin
