* Ryan Puckett <[EMAIL PROTECTED]> [2005-10-07 22:36]:
> Under the Tables section in the pf.conf(5) man page, it is indicated
> that tables can be created with a valid interface group. I'm taking
> this to mean I can do the following:
>
> table <all-of-my-vlans> { vlan }
>
> or better yet:
>
> table <outside> { egress }
>
> but when loading up the ruleset or even trying to manually add the table
> via command line "pfctl -t outside -T add egress" I receive:
>
> no IP address found for egress
>
> I have no problems when specifying the exact interface such as vlan0.
>
> So my question is: did I misread this?
no, I managed to miss implementing the static expansion, the way more
complicated dynamic expansion for interface groups works fine. I'll add
the static one asap.
however, you probably don't want that anyway. extending your example
slightly.
table <all-of-my-vlans> { vlan }
pass to <all-of-my-vlans>
is equal to
pass to (vlan)
except that the latter saves some tiny amounts of memory, and, more
important, gets dynamically updated when vlan interfaces get added or
removed or IPs change on any vlan interface.
--
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
