Steve Williams <st...@williamsitconsulting.com> writes:
> I'm trying to fully understand the new syntax and was working through
> the BNF in pf.conf(5), but it is missing the "egress" keyword.
egress is the interface group that has your default route.
for example on my laptop here the only really active network interface is iwn0,
so
pe...@deeperthought:~$ ifconfig iwn0
iwn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:26:c6:1c:c9:44
priority: 4
groups: wlan egress
media: IEEE802.11 autoselect (OFDM48 mode 11g)
status: active
ieee80211: nwid skinny chan 7 bssid 00:12:17:68:8c:e9 198dB nwkey <not
displayed>
inet6 fe80::226:c6ff:fe1c:c944%iwn0 prefixlen 64 scopeid 0x1
inet 172.16.30.47 netmask 0xffffff00 broadcast 172.16.30.255
shows that my iwn0 interface is a member of both the wlan and egress
groups.
we've had interface groups for a while, and yes, they're useful in
filtering criteria.
- Peter
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
