Hello Ian,

</snip>
On Wed, Mar 09, 2022 at 12:05:25PM +0000, Ian Chilton wrote:
> Currently, the only way I can find of doing these kinds of rules is to go
> back to hard-coding interface names, like:
>
> pass in quick on vlan2 proto tcp from vlan2:network to vlan2 port bgp
> pass in quick on vlan3 proto tcp from vlan3:network to vlan3 port bgp
> pass in quick on vlan4 proto tcp from vlan4:network to vlan4 port bgp

    this is the only way to get the results you want, at least as far as I
    can tell. Although it's tempting to use lists and merge everything
    into a single rule:

	pass in quick on { vlan2, vlan3, vlan4 } proto tcp from \
	    { vlan2:network, vlan3:network, vlan4:network } to \
	    { vlan2, vlan3, vlan4 } port bgp

    however that won't get the same result as using three explicit rules
    like you are doing. You can pass the rule above to the parser like this:

	echo 'pass in quick on { vlan2, ... ' | pfctl -nvf -

    to see what will happen.

>
> when I really want something dynamic like:
>
> pass in quick on transit proto tcp from transit:network to transit port bgp
> pass in quick on peering proto tcp from peering:network to peering port bgp
> pass in quick on linknet proto tcp from linknet:network to linknet port bgp

    it looks like the grammar parser currently accepts the rules above,
    however it will create the same result as for the rule with lists
    I've presented above.

>
> Am I missing a neat way of doing this?

    I'm afraid there is currently no neat way like you are dreaming of.

regards
sashan
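
An added illustration, not part of the original message and not pfctl output: a small Python model of how a rule written with brace lists expands into one rule per combination of list members, which is why the merged rule permits more than the three explicit rules. The tuple representation and the function names are assumptions made for this example.

```python
from itertools import product

# Constructed sample: the three interfaces named in the thread.
IFACES = ["vlan2", "vlan3", "vlan4"]


def explicit_rules(ifaces):
    """One rule per interface: source and destination stay on that interface."""
    return {(i, f"{i}:network", i) for i in ifaces}


def merged_rule(ifaces):
    """Model of the single rule with three lists: every combination of
    (interface, source network, destination) becomes its own rule."""
    sources = [f"{i}:network" for i in ifaces]
    return set(product(ifaces, sources, ifaces))


def extra_rules(ifaces):
    """Combinations the merged form allows beyond the explicit rules."""
    return sorted(merged_rule(ifaces) - explicit_rules(ifaces))


def render(rule):
    """Format a modelled rule in the syntax used in the thread."""
    iface, src, dst = rule
    return f"pass in quick on {iface} proto tcp from {src} to {dst} port bgp"


if __name__ == "__main__":
    print(f"explicit rules: {len(explicit_rules(IFACES))}")
    print(f"merged rule expands to: {len(merged_rule(IFACES))}")
    print("combinations the explicit rules never allowed:")
    for rule in extra_rules(IFACES):
        print("  " + render(rule))
```

Comparing the real expansion from `pfctl -nvf -` against the intended per-interface rules is the check to run before loading a merged rule.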