Hi Jared,
jared r r spiegel wrote:
On Fri, Aug 22, 2008 at 04:16:38PM +0200, Harald Dunkel wrote:
Hi folks,
Question: How can I make sure that "em2" doesn't become "em0"
if my dual-port NIC dies? This would be fatal for my firewall
setup. At least the antispoof rules _must_ be bound to the
network devices.
first thing that comes to mind is to create unique interface
groups for each iface and then write pf based on that.
Thats a cool idea. I did not really recognize the group names
before.
I could parse the output of ifconfig while the Packet Filter
is blocking everything, assign new interface group names
according to the MAC address, and finally load a new pf.conf
using group names.
Many thanx
Harri
