The pfctl man page says:

    -i interface
            Restrict the operation to the given interface.

...what exactly is meant by the word "operation"?

My problem: I want to load a different ruleset for each interface (jails) and not care about what's in the ruleset, as long as it doesn't affect anything outside the jail (which is bound to a specific IP on a separate interface).

I tried loading

    pfctl -i lo1 -f test.fire

which contained "block quick all" ...which promptly killed everything :/

And no, it's not about using the loopback interface; the same goes for "real" interfaces like nve & fxp. Neither does it restrict you from loading "block quick on another_iterface all" and still killing everything.

OpenBSD seems to act the same, so it's probably not a porting bug.