* Claudio Jeker <cje...@diehard.n-r-g.com> [2011-05-19 11:29]: > There is a bigger problem with 'set skip on lo', it is only evaluated > during load. So if you create a lo1 afterwards the set skip will not > trigger. This is very annoying especially with qemu and tun interfaces. > > To be honest I'm not sure who will do a 'set skip on sis' or > 'set skip on em'. Normaly you want to filter on your physical interfaces > and not just skip them all. For pseudo-devices like lo, tun, vlan, etc. a > group is created automatically. > > I think the very important bit is this: > > Hmmm, looking further, it seems ordinary rules only match on the > > interface name or group as well (in pfi_kif_match()), so maybe > > you're just plain right after all. :-) > > set skip is currently special and works in a not so expected way so it is > better to make it work like all other users of interface names and people > needing 'set skip on em' should add a 'group em' line to their > hostname.em* files.
spot on. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
