* Stuart Henderson s...@spacehopper.org [2011-05-19 11:21]:
Note that the default ruleset does include a 'set skip on lo' but
that's fine since lo* interfaces are by default added to the lo
group.
If people get bitten by this change, they could either add
an
* Alexander Hall ha...@openbsd.org [2011-05-19 10:25]:
On 05/18/11 23:31, Stuart Henderson wrote:
set skip in PF has a slightly unexpected behaviour; rather
than skipping by interface group, it matches on the non-numeric
part of an interface name.
I think the prefix match test is a
* Claudio Jeker cje...@diehard.n-r-g.com [2011-05-19 11:29]:
There is a bigger problem with 'set skip on lo', it is only evaluated
during load. So if you create a lo1 afterwards the set skip will not
trigger. This is very annoying especially with qemu and tun interfaces.
To be honest I'm not
* Stuart Henderson s...@spacehopper.org [2011-05-19 11:21]:
Note that the default ruleset does include a 'set skip on lo' but
that's fine since lo* interfaces are by default added to the lo
group.
If people get bitten by this change, they could either add
an interface-name-matching
* Claudio Jeker cje...@diehard.n-r-g.com [2011-05-19 13:20]:
On Thu, May 19, 2011 at 10:49:59AM +0100, Stuart Henderson wrote:
On 2011/05/19 11:26, Claudio Jeker wrote:
There is a bigger problem with 'set skip on lo', it is only evaluated
during load. So if you create a lo1 afterwards the
* Reyk Floeter r...@openbsd.org [2011-05-19 11:47]:
On Thu, May 19, 2011 at 11:26:59AM +0200, Claudio Jeker wrote:
To be honest I'm not sure who will do a 'set skip on sis' or
'set skip on em'.
I would ;-)
Sometimes you have machines with different types of physical
interfaces where
* Stuart Henderson s...@spacehopper.org [2011-05-19 11:50]:
On 2011/05/19 11:26, Claudio Jeker wrote:
There is a bigger problem with 'set skip on lo', it is only evaluated
during load. So if you create a lo1 afterwards the set skip will not
trigger. This is very annoying especially with
On 05/18/11 23:31, Stuart Henderson wrote:
set skip in PF has a slightly unexpected behaviour; rather
than skipping by interface group, it matches on the non-numeric
part of an interface name.
I think the prefix match test is a common behaviour so I think you
should keep that. Example granti
On 2011/05/19 10:22, Alexander Hall wrote:
Hmmm, looking further, it seems ordinary rules only match on the
interface name or group as well (in pfi_kif_match()), so maybe
you're just plain right after all. :-)
Yes, this is the main problem imo. Current 'set skip' handling
pre-dates interface
On Thu, May 19, 2011 at 10:22:07AM +0200, Alexander Hall wrote:
On 05/18/11 23:31, Stuart Henderson wrote:
set skip in PF has a slightly unexpected behaviour; rather
than skipping by interface group, it matches on the non-numeric
part of an interface name.
I think the prefix match test
On Thu, May 19, 2011 at 11:26:59AM +0200, Claudio Jeker wrote:
To be honest I'm not sure who will do a 'set skip on sis' or
'set skip on em'.
I would ;-)
Sometimes you have machines with different types of physical
interfaces where one type is used for internal stuff like a dedicated
pfsync or
On 2011/05/19 11:26, Claudio Jeker wrote:
There is a bigger problem with 'set skip on lo', it is only evaluated
during load. So if you create a lo1 afterwards the set skip will not
trigger. This is very annoying especially with qemu and tun interfaces.
Right, I noticed this during testing, and
On 05/19/11 11:43, Reyk Floeter wrote:
On Thu, May 19, 2011 at 11:26:59AM +0200, Claudio Jeker wrote:
To be honest I'm not sure who will do a 'set skip on sis' or
'set skip on em'.
I would ;-)
You would, however, not have a big problem adding 'group em' to the
corresponding
On Thu, May 19, 2011 at 11:43:54AM +0200, Reyk Floeter wrote:
On Thu, May 19, 2011 at 11:26:59AM +0200, Claudio Jeker wrote:
To be honest I'm not sure who will do a 'set skip on sis' or
'set skip on em'.
I would ;-)
... but you don't at the moment.
Sometimes you have machines with
set skip in PF has a slightly unexpected behaviour; rather
than skipping by interface group, it matches on the non-numeric
part of an interface name.
for example:
ifconfig carp5 group foo -group carp
set skip on carp
- carp5 is still skipped.
no manpage change included as set skip is already
15 matches
Mail list logo
