Hi all, I committed the network interface group support to DFly 3 days ago, together with the fixes to PF for the interface group support.
1. The cloned interface automatically belongs to the group of its device name, e.g., cloned "tunX" belongs to group of "tun". 2. Group membership is managed by using ifconfig(8): $ ifconfig tun0 group vpn # add "tun0" to group "vpn" $ ifconfig tun0 group -vpn # remove "tun0" from group "vpn" $ ifconfig -g vpn # list the interfaces belonging to group "vpn" 3. The interface group can be used in the same way as the interface name if PF rules. See pf.conf(5) man page for details. 4. As mentioned by swildner, the net/obhttpd port (OpenBSD HTTP server) requires the interface group feature to build and run, so it should work now. NOTE: the "egress" interface group is not supported yet. I'd like to implement it but it's too complicated for me at the moment. (FreeBSD doesn't support the "egress" group as well.) Cheers, -- Aaron
pgpXiFAvKti6f.pgp
Description: OpenPGP digital signature
