Re: January 28 snapshot, pf.conf(5) BNF missing egress keyword
Peter N. M. Hansteen wrote: Steve Williams writes: I'm trying to fully understand the new syntax and was working through the BNF in pf.conf(5), but it is missing the "egress" keyword. egress is the interface group that has your default route. for example on my laptop here the only really active network interface is iwn0, so pe...@deeperthought:~$ ifconfig iwn0 iwn0: flags=8843 mtu 1500 lladdr 00:26:c6:1c:c9:44 priority: 4 groups: wlan egress media: IEEE802.11 autoselect (OFDM48 mode 11g) status: active ieee80211: nwid skinny chan 7 bssid 00:12:17:68:8c:e9 198dB nwkey inet6 fe80::226:c6ff:fe1c:c944%iwn0 prefixlen 64 scopeid 0x1 inet 172.16.30.47 netmask 0xff00 broadcast 172.16.30.255 shows that my iwn0 interface is a member of both the wlan and egress groups. we've had interface groups for a while, and yes, they're useful in filtering criteria. - Peter Doh . Thanks very much. Sometimes can't see the forest for the trees! Cheers, Steve
Re: January 28 snapshot, pf.conf(5) BNF missing egress keyword
Steve Williams writes: > I'm trying to fully understand the new syntax and was working through > the BNF in pf.conf(5), but it is missing the "egress" keyword. egress is the interface group that has your default route. for example on my laptop here the only really active network interface is iwn0, so pe...@deeperthought:~$ ifconfig iwn0 iwn0: flags=8843 mtu 1500 lladdr 00:26:c6:1c:c9:44 priority: 4 groups: wlan egress media: IEEE802.11 autoselect (OFDM48 mode 11g) status: active ieee80211: nwid skinny chan 7 bssid 00:12:17:68:8c:e9 198dB nwkey inet6 fe80::226:c6ff:fe1c:c944%iwn0 prefixlen 64 scopeid 0x1 inet 172.16.30.47 netmask 0xff00 broadcast 172.16.30.255 shows that my iwn0 interface is a member of both the wlan and egress groups. we've had interface groups for a while, and yes, they're useful in filtering criteria. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: January 28 snapshot, pf.conf(5) BNF missing egress keyword
On Mon, Feb 01, 2010 at 09:47:23AM -0700, Steve Williams wrote: > Hi, > > I have just upgraded from 4.6 to a January 28 snapshot and have been > working through the pf.conf changes. > > The spamd(8) has the following pf.conf snippets as an example: > > pass in on egress proto tcp from any to any port smtp \ > rdr-to 127.0.0.1 port spamd > > Checking out pf.conf(5), it has a similar snippet: > pass on egress proto tcp from any to any port smtp \ > rdr-to 127.0.0.1 port spamd > > with the difference of a missing "in" (pass on egress vs. pass in on > egress). > > I'm trying to fully understand the new syntax and was working > through the BNF in pf.conf(5), but it is missing the "egress" > keyword. > > I'd try to fix and propose a patch, but not understanding it in the > first place poses a bit of problem when attempting to create > documentation! > > Can anyone shed some light on the use of the "egress" keyword? > egress is not a keyword, it is a interface group. `ifconfig egress` will return you the interface that are in the egress group. -- :wq Claudio
January 28 snapshot, pf.conf(5) BNF missing egress keyword
Hi, I have just upgraded from 4.6 to a January 28 snapshot and have been working through the pf.conf changes. The spamd(8) has the following pf.conf snippets as an example: pass in on egress proto tcp from any to any port smtp \ rdr-to 127.0.0.1 port spamd Checking out pf.conf(5), it has a similar snippet: pass on egress proto tcp from any to any port smtp \ rdr-to 127.0.0.1 port spamd with the difference of a missing "in" (pass on egress vs. pass in on egress). I'm trying to fully understand the new syntax and was working through the BNF in pf.conf(5), but it is missing the "egress" keyword. I'd try to fix and propose a patch, but not understanding it in the first place poses a bit of problem when attempting to create documentation! Can anyone shed some light on the use of the "egress" keyword? Thanks, Steve Williams
