* Massimo Lusetti <[email protected]> [2010-07-05 11:49]:
> Hi guys,
> I read on the OpenBSD PF's FAQ this statement:
>
> Ruleset Tips
>
> Filter the physical interface. As far as PF is concerned, network
> traffic comes from the physical interface, not the CARP virtual
> interface (i.e., carp0). So, write your rule sets accordingly. Don't
> forget that an interface name in a PF rule can be either the name of a
> physical interface or an address associated with that interface. For
> example, this rule could be correct: pass in on fxp0 inet proto tcp
> from any to carp0 port 22 but replacing the fxp0 with carp0 would not
> work as you desire.
>
> I would ask if using the group names instead of the physical interface
> has some drawbacks, cause I find it easier to understand.
> I'm also giving the same group name to the carp interface so I can see
> all my IPs with ifconfig "group_name".
>
> Am I missing something obvious?

no

--
Henning Brauer, [email protected], [email protected]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

