Re: PF '$if:network' syntax with more than one interface IP.
On Tuesday 06 July 2004 11.26, Per-Olov Sjöholm wrote:
> Cedric Berger said:
> > Per-Olov Sjöholm wrote:
> > > Hi !
> > > I have used $if:network and $if:broadcast much to avoid specifying macros with IP addresses. However... I have recently fixed me a second public IP on my internet interface. Now I see the limitations with this and have to go back and specify the IP:s directly in pf.conf (for the Internet interface..) as I don't want both my public IP:s expanded in the ruleset. If I specify $if:network both addresses are expanded.
> >
> > If you're using 3.5, you can do the following:
> >   $if:0:network or $if:0:broadcast
> > It will also work for dynamic addresses, like:
> >   ($if:0:network) or ($if:0:broadcast)
>
> This was very good news. Thanks Cedric !

Hi again Cedric.

I haven't had the time to fix with this until now. That's why this thread reply comes one month after the last post.

It seems like the $if:0 syntax works ok. Using this I can avoid hardcoded ip:s for the interfaces in pf.conf. But I also assumed that I should be able to use $if:1 as well when I have an inet alias in my hostname.fxp1 file. But trying to use anything else but :0 doesn't work. Using $if:1 in pf.conf with a verbose reload produces a:

--snip--
no IP address found for fxp1:1
/etc/pf.conf:202: could not parse host specification
pfctl: Syntax error in config file: pf rules not loaded
--snip--

(The hosts and hostname.fxp1 files are ok, and both names are in the DNS as well except for the PTR:s.)

Maybe you know why it's not possible to specify the inet alias ip from the hostname file with :1 in pf.conf ? I think it should work. But how ? Otherwise this syntax seems to be useless if only :0 works.

Thanks in advance
Per-Olov Sjöholm

> Regards
> /Per-Olov
>
> > > The question: Is it possible to fix the interface a'la Solaris where you can specify interfaces for example hme0:1, hme0:2 etc where you have a separate interface name for each IP on the same physical interface.. Then it would still be possible to use the syntax above that I really like.
> >
> > No
> > Cedric
Re: PF '$if:network' syntax with more than one interface IP.
* Per-Olov Sjöholm [EMAIL PROTECTED] [2004-08-04 15:20]:
> But I also assumed that I should be able to use $if:1 as well when I have a inet alias in my hostname.fxp1 file.

as aliases are just that, aliases, without a special hierarchy or order or such, this cannot possibly work. Which of the, say, 10 aliases is the one referred to with fxp0:1? That cannot work.

and, well, come on. you want a specific IP, so use that in your ruleset.

--
Henning Brauer, BS Web Services, http://bsws.de
[EMAIL PROTECTED] - [EMAIL PROTECTED]
Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: PF $if:network syntax with more than one interface IP.
On 5 Jul 2004 12:54:48 -0700, [EMAIL PROTECTED] (Per-Olov Sjöholm) wrote:
> Is is possible to fix the interface a'la Solaris where you can specify interfaces for example hme0:1, hme0:2 etc where you have a separate interface name for each IP on the same physical interface..

The Solaris syntax for interface aliases is logical and easy to work with. Such an addition would be welcome imho.

greg

--
Konnt ihr mich horen? Konnt ihr mich sehen? Konnt ihr mich fuhlen? Ich versteh euch nicht
Re: PF $if:network syntax with more than one interface IP.
Per-Olov Sjöholm wrote:
> Hi !
> I have used $if:network and $if:broadcast much to avoid specifying macros with IP addresses. However... I have recently fixed me a second public IP on my internet interface. Now I see the limitations with this and have to go back and specify the IP:s directly in pf.conf (for the Internet interface..) as I don't want both my public IP:s expanded in the ruleset. If I specify $if:network both addresses are expanded

If you're using 3.5, you can do the following:
  $if:0:network or $if:0:broadcast
It will also work for dynamic addresses, like:
  ($if:0:network) or ($if:0:broadcast)

> The question: Is is possible to fix the interface a'la Solaris where you can specify interfaces for example hme0:1, hme0:2 etc where you have a separate interface name for each IP on the same physical interface.. Then it would still be possible to use the syntax above that I really like.

No

Cedric
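
An added example, not part of any message in this thread: a pf.conf fragment that puts the `:0` modifier from Cedric's reply next to the explicit-address approach Henning recommends for the alias. The interface name fxp1 is the one from the thread; the macro names `ext_if` and `alias_ip`, the ports, and the address 192.0.2.11 are constructed for illustration.

```pf
# Added example, not from the thread. ext_if, alias_ip, the ports and
# the address are assumptions made for illustration.
ext_if   = "fxp1"
alias_ip = "192.0.2.11"      # constructed: the second (alias) public IP

# Without :0 the modifier covers every address on the interface, so this
# rule would expand once per configured network, the alias included:
# pass in on $ext_if inet proto tcp from any to $ext_if:network port 22 keep state

# With :0 the aliases are left out and only the primary address's
# network appears in the loaded rule.
pass in on $ext_if inet proto tcp from any to $ext_if:0:network port 22 keep state

# Parenthesised form for an interface whose address is assigned
# dynamically; the lookup follows the interface's current address.
pass in on $ext_if inet proto icmp from any to ($ext_if:0:network) keep state

# Aliases carry no index or order, so there is no :1 to refer to.
# The alias address is named explicitly instead.
pass in on $ext_if inet proto tcp from any to $alias_ip port 80 keep state
```

Running `pfctl -nvf /etc/pf.conf` parses the file without loading it and prints the expanded rules, which shows exactly which addresses each rule ends up covering.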
Re: PF $if:network syntax with more than one interface IP.
$if:network:0 will only grab the network for the primary address; ignoring aliases. not sure if there's a way to grab a specific alias through some other syntax.

-j

On Mon, 2004-07-05 at 14:29, Per-Olov Sjöholm wrote:
> Hi !
> I have used $if:network and $if:broadcast much to avoid specifying macros with IP addresses. However... I have recently fixed me a second public IP on my internet interface. Now I see the limitations with this and have to go back and specify the IP:s directly in pf.conf (for the Internet interface..) as I don't want both my public IP:s expanded in the ruleset. If I specify $if:network both addresses are expanded
>
> The question: Is is possible to fix the interface a'la Solaris where you can specify interfaces for example hme0:1, hme0:2 etc where you have a separate interface name for each IP on the same physical interface.. Then it would still be possible to use the syntax above that I really like.
>
> Thanks
> Per-Olov

--
Jason Opperisano [EMAIL PROTECTED]
PF $if:network syntax with more than one interface IP.
Hi !

I have used $if:network and $if:broadcast much to avoid specifying macros with IP addresses. However... I have recently fixed me a second public IP on my internet interface. Now I see the limitations with this and have to go back and specify the IP:s directly in pf.conf (for the Internet interface..) as I don't want both my public IP:s expanded in the ruleset. If I specify $if:network both addresses are expanded.

The question: Is it possible to fix the interface a'la Solaris where you can specify interfaces for example hme0:1, hme0:2 etc where you have a separate interface name for each IP on the same physical interface.. Then it would still be possible to use the syntax above that I really like.

Thanks
Per-Olov