On Tuesday 06 July 2004 11.26, Per-Olov Sjöholm wrote:
> Cedric Berger said:
> > Per-Olov Sjöholm wrote:
> >>Hi !
> >>
> >>I have used "$if:network" and "$if:broadcast" much to avoid specifying macros
> >>with IP addresses. However... I have recently fixed me a second public IP on
> >>my internet interface. Now I see the limitations with this and have to go
> >>back and specify the IP:s directly in pf.conf (for the Internet interface..)
> >>as I don't want both my public IP:s expanded in the ruleset. If I specify
> >>"$if:network" both addresses are expanded....
> >
> > If you're using 3.5, you can do the following:
> >
> > "$if:0:network" or "$if:0:broadcast"
> >
> > It will also work for dynamic addresses, like:
> >
> > "($if:0:network)" or "($if:0:broadcast)"
>
> This was very good news.
> Thanks Cedric !

Hi again Cedric.

I haven't had the time to fix with this until now. That's why this thread reply comes one month after the last post.

It seems like the $if:0 syntax works ok. Using this I can avoid hardcoded ip:s for the interfaces in pf.conf. But I also assumed that I should be able to use $if:1 as well when I have an "inet alias" in my hostname.fxp1 file. But trying to use anything else but ":0" doesn't work. Using $if:1 in pf.conf with a verbose reload produces:

--snip--
no IP address found for fxp1:1
/etc/pf.conf:202: could not parse host specification
pfctl: Syntax error in config file: pf rules not loaded
--snip--

(The hosts and hostname.fxp1 files are ok, and both names are in the DNS as well except for the PTR:s.)

Maybe you know why it's not possible to specify the "inet alias" ip from the hostname file with ":1" in pf.conf ? I think it should work. But how ? Otherwise this syntax seems to be useless if only ":0" works.

Thanks in advance
Per-Olov Sjöholm

>
> Regards
> /Per-Olov
>
> >>The question:
> >>Is it possible to fix the interface a'la Solaris where you can specify
> >>interfaces for example "hme0:1", "hme0:2" etc where you have a separate
> >>interface name for each IP on the same physical interface.. Then it would
> >>still be possible to use the syntax above that I really like.
> >
> > No
> > Cedric
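
An added pf.conf fragment (not part of the thread, and not posted by either participant) showing how the modifiers discussed above affect which addresses a rule covers. In pf.conf(5), ":0" is a modifier meaning "do not include interface aliases", not an index into the address list, which matches the fxp1:1 error quoted above. The macro names, ports and the 192.0.2.20 address are constructed placeholders.

```pf
# Constructed example. fxp1 is the interface named in the thread;
# 192.0.2.20 is a documentation-range placeholder for the "inet alias".
ext_if    = "fxp1"
ext_alias = "192.0.2.20"

# Without a modifier the interface name expands to every address on
# fxp1, so the alias is exposed too. Shown commented out on purpose:
#   pass in on $ext_if inet proto tcp from any to $ext_if port 22 keep state

# ":0" drops the aliases: only the primary address accepts SSH.
pass in on $ext_if inet proto tcp from any to $ext_if:0 port 22 keep state

# There is no ":1". The alias has to be named explicitly, here through
# a macro so the literal address appears in one place only.
pass in on $ext_if inet proto tcp from any to $ext_alias port 80 keep state

# ":0" combines with ":network" / ":broadcast"; the parentheses make pf
# re-evaluate the value when the interface address changes.
block in quick on $ext_if inet from any to ($ext_if:0:broadcast)
```

Loading the file with `pfctl -nvf /etc/pf.conf` parses it without installing the rules and prints the expanded ruleset, which shows which addresses each rule ended up covering.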
