On Mon, Mar 24, 2025 at 12:31:29PM -0400, Vaughn A. Hart wrote:
 
> Thank you for the response. I see the antispoof for self rules expand when
> I run pfctl -s all. But I don't see the block rules for the self keyword
> do the same; which is why I emailed you. What I am attempting to do is
> capture all the interfaces, whether they are present or plugged in (say a
> new docking connection or thunderbolt display), and block those addresses. I
> was creating a table for int (en0-4) and utun but I felt it wouldn't enable
> filtering on a newly plugged-in device that's given a new interface number.
> So I tried to use self.
> 
> Is there any way to have such a dynamic rule?

The first thing that comes to mind is to set up ifstated to do a pf reload on
USB interface attach (and detach).

The other option would be to do the reload by hand (which you might need to do
while fiddling with getting ifstated properly configured anyway).

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
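A polling alternative to the ifstated approach described above, as an added example (not code from either poster): watch the interface list and reload pf whenever it changes, so that rules written with "self" are re-expanded to cover a newly attached interface. It assumes a BSD-style ifconfig with -l (macOS, OpenBSD), pfctl, and rules in /etc/pf.conf; the poll interval and ruleset path are assumptions.

```shell
#!/bin/sh
# Reload pf when the set of interfaces changes. "self" is expanded at ruleset
# load time, so a hotplugged interface is not covered until the next reload.
PF_CONF="${PF_CONF:-/etc/pf.conf}"   # assumed ruleset path
INTERVAL="${INTERVAL:-5}"            # assumed poll interval in seconds

# Normalise an interface list: one name per token, sorted, single spaces,
# so that ordering differences in ifconfig output do not count as a change.
normalize_iflist() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep -v '^$' | sort | tr '\n' ' ' | sed 's/ $//'
}

# True (exit 0) when the interface set in $2 differs from the one in $1.
iflist_changed() {
    old=$(normalize_iflist "$1")
    new=$(normalize_iflist "$2")
    [ "$old" != "$new" ]
}

# Print the names present in $2 but not in $1 (the newly attached interfaces).
new_interfaces() {
    old=" $(normalize_iflist "$1") "
    for ifn in $(normalize_iflist "$2"); do
        case "$old" in
            *" $ifn "*) ;;
            *) printf '%s\n' "$ifn" ;;
        esac
    done
}

current_iflist() { ifconfig -l; }

# Poll loop: on any change, log which interfaces appeared and reload pf.
watch_and_reload() {
    prev=$(current_iflist)
    while :; do
        sleep "$INTERVAL"
        cur=$(current_iflist)
        if iflist_changed "$prev" "$cur"; then
            logger -t pfreload "interface set changed (new: $(new_interfaces "$prev" "$cur" | tr '\n' ' ')); reloading pf"
            pfctl -f "$PF_CONF"
            prev=$cur
        fi
    done
}

# Only start the loop when invoked as "script run", so the helpers can be sourced.
if [ "${1:-}" = "run" ]; then watch_and_reload; fi
```

Run it as root (for example from a launchd or rc job) with the argument `run`; a reload on detach is harmless and keeps the expanded ruleset in step with the live interface list.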