On Thu, May 19, 2011 at 11:43:54AM +0200, Reyk Floeter wrote: > On Thu, May 19, 2011 at 11:26:59AM +0200, Claudio Jeker wrote: > > To be honest I'm not sure who will do a 'set skip on sis' or > > 'set skip on em'. > > I would ;-)
... but you don't at the moment. > Sometimes you have machines with different types of physical > interfaces where one type is used for internal stuff like a dedicated > pfsync or management link, eg. > > set skip on em > block in on ix0 > > ...or soekrises with vr(4) and a quad sis(4) in one box. > I normaly use dedicated groups for things like this. Since at the time you add an additional em(4) to your box the ruleset needs to be changed. IMO 'set skip on em' is enough of a freak case to change its behaviour. It is not like we never change the syntax of pf. > > I think the very important bit is this: > > > Hmmm, looking further, it seems ordinary rules only match on the > > > interface name or group as well (in pfi_kif_match()), so maybe > > > you're just plain right after all. :-) > > > > set skip is currently special and works in a not so expected way so it is > > better to make it work like all other users of interface names and people > > needing 'set skip on em' should add a 'group em' line to their > > hostname.em* files. > > > > "ifconfig em" also works, so i think it would be less special and > confusing if "set skip on em" would just work without extra config > magic. > I know that ifconfig em works but it is very special because it tends to break as easy (just do a ifconfig ix0 group em on your previous example and then ifconfig em will print something different). I remember there was a lenght discussion about this special ifconfig mode some time ago. I must say that yes, I use "ifconfig em" heavily but I also realize that it is very inconsistent and may fail badly. If the support is removed I would probably sit down and change my setups to use interface groups but currently I'm to lazy. -- :wq Claudio
