CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2009/12/23 21:24:19
Modified files:
sbin/pfctl : parse.y pfctl_parser.c
sys/net : pf.c pf_ioctl.c pfvar.h
Log message:
add support to pf for filtering a packet by the interface it was received
on. use the received-on IFNAME filter option on a pf.conf rule to restrict
which packet the interface had to be received on. eg:
pass out on em0 from $foo to $bar received-on fxp0
ive been running this in production for a week now. i find it particularly
usefull with interface groups.
no objections, and a few "i like"s from henning, claudio, deraadt, mpf
