2014-09-02 23:10 GMT+04:00 andy <a...@brandwatch.com>:
> Hi,
>
> Hoping this is a pretty dumb question and someone can just shoot me down
> with an instant answer but is there any reason why I can't compare against
> multiple tags?
>
> E.g.
> pass out quick on $if_dmz tagged { T_LAN, T_ENGINEERING, T_WIFI, T_OPS }
> queue (_wan_dflt,_wan_pri) set prio (1,4) keep state
>
> I seem to only be able to compare against one tag at a time which seems to be
> quite limiting?
Yes, only one tag maximum. This makes actual comparison in PF fast & easy:
internal PF per-packet and per-rule structures both contain a single number,
representing a tag. To allow multiple tags you'll need to make the size of those
structures dynamic.

> Cheers, Andy.
>
> PS; Yes I am only just starting to get round to setting up policy based
> rules for the first time as part of a big rewrite for a new much larger
> office with *many* VLANs etc..

You'll probably want to play more with "match" rules.

--
WBR,
Vadim Zhukov
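
One way to read the "match" suggestion, as an added pf.conf sketch that is not part of either message: since a packet carries exactly one tag, `match` rules can collapse the four source tags into one before the `pass` rule tests it. `T_DMZ_OK` is a hypothetical tag name; the interface macro, the other tags, and the queue and prio options are copied from the question as written.

```pf
# Added illustration. T_DMZ_OK is a hypothetical name; all other names
# come from the rule in the question.

# The form from the question, which pf does not accept because "tagged"
# takes a single tag:
#   pass out quick on $if_dmz tagged { T_LAN, T_ENGINEERING, T_WIFI, T_OPS } ...

# One match rule per source tag. Each rule replaces the packet's current
# tag with the common one; match rules never pass or block by themselves.
match out on $if_dmz tagged T_LAN         tag T_DMZ_OK
match out on $if_dmz tagged T_ENGINEERING tag T_DMZ_OK
match out on $if_dmz tagged T_WIFI        tag T_DMZ_OK
match out on $if_dmz tagged T_OPS         tag T_DMZ_OK

# A single policy rule keyed on the collapsed tag. Untagged packets and
# packets with any other tag do not match it.
pass out quick on $if_dmz tagged T_DMZ_OK \
    queue (_wan_dflt,_wan_pri) set prio (1,4) keep state
```

Retagging overwrites the original tag, so any rule that must still distinguish T_LAN from T_WIFI has to be evaluated before these match rules. `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which confirms the syntax on the installed release.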