Does it matter that the subnet mask is configured as a /30, or is it the media type that controls this behavior? Is there any way to use this mechanism on an Ethernet interface?
On Mon, Mar 31, 2008 at 12:16 AM, Theo de Raadt <[EMAIL PROTECTED]> wrote:
> > We're trying to use the :peer modifier to minimize the number of macros
> > in our pf configuration files.
> >
> > For some reason we can't get it to work:
> >
> > # cat /etc/pf.conf
> > set skip on lo
> >
> > block log
> >
> > pass in quick on fxp0 inet proto tcp from fxp0:peer to fxp0 port ssh
> >
> > # pfctl -n -f /etc/pf.conf
> > no IP address found for fxp0:peer
> > /etc/pf.conf:5: could not parse host specification
>
> :peer Translates to the point to point interface's peer address(es).
>
> That won't work. Your fxp is not a point-to-point interface. It is a
> broadcast interface. It has many peers, not one.