On 2025/03/24 12:31, Vaughn A. Hart wrote:
> Stuart,
>
> Thank you for the response. I see the antispoof for self rules expand when I
> run pfctl -s all.

I'm not 100% sure but I think antispoof may be a special case.

> But I don't see the block rules for the self keyword do the same; which is
> why I emailed you.
> What I am attempting to do I capture all the interfaces whether they are
> present at plugged in
> (say a new docking connection or thunderbolt display) and block those
> addresses. I was creating
> a table for int (en0-4) and utun but I felt it wouldn't enable filtering on
> newly plugged in
> device that's given a new interface number. So I tried to use self.
>
> block in log on self from any to 255.255.255.255
> block in log on self from <bad_actors> to any
> .
> block in log on self from <level2> to any
> block in log on self from <level3> to any
> block in log on self from <webclient> to any

I don't understand why these block rules need to be per-interface. Can't you
just "block in log from <bad_actors> to any", etc?

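For illustration, here is an added pf.conf fragment (not from either poster) showing the interface-independent form of the block rules: in pf.conf(5), "self" is an address keyword for the addresses of all interfaces, while "on" expects an interface or interface group, so dropping the "on" qualifier is what makes a rule apply on every interface, including ones that appear later. The table names are taken from the thread; their contents are assumed to be loaded separately with pfctl -t.

```pf
# Address tables referenced by the block rules. "persist" keeps a table
# defined even while it is empty, so rules referencing it always load.
table <bad_actors> persist
table <level2>     persist
table <level3>     persist
table <webclient>  persist

# No "on <iface>" qualifier: these rules are evaluated on every interface,
# including a docking-station NIC or utun device that shows up after the
# ruleset was loaded, so no per-interface table or reload is needed.
block in log from any          to 255.255.255.255
block in log from <bad_actors> to any
block in log from <level2>     to any
block in log from <level3>     to any
block in log from <webclient>  to any

# "self" is still useful as an address, e.g. to drop traffic aimed at any
# local address from the bad_actors table regardless of which interface
# it arrives on.
block in log from <bad_actors> to self
```

After loading with `pfctl -f /etc/pf.conf`, `pfctl -s rules` lists the rules as written (no per-interface expansion), and `pfctl -vvs rules` shows the evaluation and match counters for each.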