Hi,
I'm getting a strange output from pfctl that I cannot explain, perhaps
someone lurking the list have the answer?
When using interface groupnames in my pf.conf, I see the same rule 4
times when doing a pfctl -s rules.
The interface group i'm using, have a vlan and carp member.
Ex.
pass
http://www.openbsd.org/faq/pf/macros.html
"Lists
A list allows the specification of multiple similar criteria within a rule.
For example, multiple protocols, port numbers, addresses, etc. So, instead of
writing one filter rule for each IP address that needs to be blocked, one rule
can be written
"Lists
A list allows the specification of multiple similar criteria within a
rule.
For example, multiple protocols, port numbers, addresses, etc. So,
instead of
writing one filter rule for each IP address that needs to be blocked,
one rule
can be written by specifying the IP addresses in a lis
On 2015-04-27, Brian S. Vangsgaard wrote:
> When using interface groupnames in my pf.conf, I see the same rule 4
> times when doing a pfctl -s rules.
>
> The interface group i'm using, have a vlan and carp member.
>
> Ex.
> pass in on groupA from groupA:network to groupB:network tag A_TO_B
It's
Using a single interface (ex. vlan) will only produce one line (as I
expect it to do) in the pfctl -s rules output.
This is probably the simplest fix. The actual packets you want to
filter
show up on the vlan interfaces anyway.
You'r right, this would be the best solution at the momemnt.
M
Actually this is a bit odd, can't reproduce it here on 5.5 or -current.
Stuart Henderson skrev den 2015-04-28 15:55:
Actually this is a bit odd, can't reproduce it here on 5.5 or
-current.
I'm running 5.5 GENERIC.MP
SHA256 (/sbin/pfctl) =
9b84b5b3d846cf2f4c4a189d9711cc5d00c4ea096431df4eaea57ebfcd29de8c
7 matches
Mail list logo
