* Reyk Floeter <r...@openbsd.org> [2011-05-19 11:47]: > On Thu, May 19, 2011 at 11:26:59AM +0200, Claudio Jeker wrote: > > To be honest I'm not sure who will do a 'set skip on sis' or > > 'set skip on em'. > > I would ;-) > > Sometimes you have machines with different types of physical > interfaces where one type is used for internal stuff like a dedicated > pfsync or management link, eg. > > set skip on em > block in on ix0 > > ...or soekrises with vr(4) and a quad sis(4) in one box.
you are abusing a coincidence, in this case, pretty much. but really, you can just put a "group vr" in hostname.vr* if you want this. or use a more descriptive group name to begin with :) > > I think the very important bit is this: > > > Hmmm, looking further, it seems ordinary rules only match on the > > > interface name or group as well (in pfi_kif_match()), so maybe > > > you're just plain right after all. :-) > > set skip is currently special and works in a not so expected way so it is > > better to make it work like all other users of interface names and people > > needing 'set skip on em' should add a 'group em' line to their > > hostname.em* files. > "ifconfig em" also works, so i think it would be less special and > confusing if "set skip on em" would just work without extra config > magic. I disagree. the ifconfig em is a backwards compat hack that doesn't make much sense at all. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
