Since hostname.if executes ifconfig commands, I thought that using the command "priority" would solve this case study, as some of you suggested. No, it does not.
```
priority n
        Set the interface routing priority to n. n is in the range of 0
        to 15 with smaller numbers being better. The default priority of
        an interface is 0, except for IEEE 802.11 wireless interfaces
        (priority 4), umb(4) interfaces (priority 6), and carp(4)
        interfaces (priority 15). The default priority of newly connected
        routes (routes created by configuring an IP address on an
        interface) is calculated by adding 4 (RTP_CONNECTED) to the
        interface priority. The default priority of new static routes
        added to the kernel is calculated by adding 8 (RTP_STATIC) to the
        interface priority.
```

> cat /etc/hostname.em0
inet 192.168.1.4 255.255.255.0 192.168.1.255 priority 0 group egress up

> cat /etc/hostname.em1
inet 192.168.1.5 255.255.255.0 192.168.1.255 priority 1 group egress down

> cat /etc/hostname.ix0
inet 192.168.1.6 255.255.255.0 192.168.1.255 priority 2 group lan up

> cat /etc/hostname.ix1
inet 192.168.1.7 255.255.255.0 192.168.1.255 priority 3 group lan up

> ifconfig
lo0: flags=2008049<UP,LOOPBACK,RUNNING,MULTICAST,LRO> mtu 32768
        index 6 priority 0 llprio 3
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
ix0: flags=2008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LRO> mtu 1500
        lladdr ac:1f:6b:6d:1e:18
        index 1 priority 2 llprio 3
        groups: lan egress
        media: Ethernet autoselect (10GSFP+Cu full-duplex,rxpause,txpause)
        status: active
        inet 192.168.1.6 netmask 0xffffff00 broadcast 192.168.1.255
ix1: flags=2008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LRO> mtu 1500
        lladdr ac:1f:6b:6d:1e:19
        index 2 priority 3 llprio 3
        groups: lan
        media: Ethernet autoselect
        status: no carrier
        inet 192.168.1.7 netmask 0xffffff00 broadcast 192.168.1.255
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr ac:1f:6b:6d:1c:88
        index 3 priority 0 llprio 3
        media: Ethernet autoselect (1000baseT full-duplex,rxpause)
        status: active
        inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr ac:1f:6b:6d:1c:89
        index 4 priority 1 llprio 3
        media: Ethernet autoselect (none)
        status: no carrier
        inet 192.168.1.5 netmask 0xffffff00 broadcast 192.168.1.255
enc0: flags=0<>
        index 5 priority 0 llprio 3
        groups: enc
        status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
        index 7 priority 0 llprio 3
        groups: pflog

On Wednesday, April 2nd, 2025 at 10:44 AM, otto.cooper <otto.coo...@proton.me> wrote:

> Reading hostname.if(5) and ifconfig(8) again, I understand that commands in
> hostname.if are executed by ifconfig. Of interest here is the ifconfig
> command "group"; hostname.if(8) does not say a word about this command, but
> it should work. Of special interest here is the group "egress".
> hostname.if(5) does not say a word about "egress"; this is not a critique, it
> is just a note on the fact. On its turn, ifconfig(8) mentions "egress",
> twice, only in reference to the command "group":
>
> > a group could be used to create a hardware independent pf(4) ruleset (i.e.
> > not one based on the names of NICs) using existing (egress, carp, etc.) or
> > user-defined groups.
>
> > The interfaces the default routes point to are members of the "egress"
> > interface group.
>
> Does it work?
>
> In the following case study, /etc/hostname.ix0 contains the command "group
> lan", and ix0 is assigned to group "lan" as a consequence. This means that
> the command "group" works in hostname.if. The command does not work for group
> "egress" however. Since em0 is wired to the gateway, em0 is the interface the
> default route points to, and therefore it should be assigned to egress. What
> follows is evidence of the fact that this does not happen.
>
> Note that the interface ix0 is wired to the switch, its /etc/hostname.ix0
> puts it in group "lan", it shows up in groups "lan" correctly, but it also
> shows up in group "egress" all by itself. You may say that perhaps the
> gateway has a wire to the switch as well. You are correct.
> The wire is needed
> because this is how this network works at this time. The OpenBSD firewall
> needs to be configured on the existing network before entering production
> mode in the existing network: the only change allowed will be the detachment
> of the wire that currently joins the gateway to the switch.
>
> -----------------------------------------------------
>
> 192.168.1.1/24 is the LAN
>
> 192.168.1.1: gateway
> 192.168.1.4: em0 wire connected to gateway
> 192.168.1.5: em1 down
> 192.168.1.6: ix0 wire connected to switch
> 192.168.1.7: ix1 down
>
> > ifconfig
>
> lo0: flags=2008049<UP,LOOPBACK,RUNNING,MULTICAST,LRO> mtu 32768
>         index 6 priority 0 llprio 3
>         groups: lo
>         inet 127.0.0.1 netmask 0xff000000
> ix0: flags=2008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LRO> mtu 1500
>         lladdr ac:1f:6b:6d:1e:18
>         index 1 priority 0 llprio 3
>         groups: lan egress
>         media: Ethernet autoselect (10GSFP+Cu full-duplex,rxpause,txpause)
>         status: active
>         inet 192.168.1.6 netmask 0xffffff00 broadcast 192.168.1.255
> ix1: flags=2008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LRO> mtu 1500
>         lladdr ac:1f:6b:6d:1e:19
>         index 2 priority 0 llprio 3
>         groups: lan
>         media: Ethernet autoselect
>         status: no carrier
>         inet 192.168.1.7 netmask 0xffffff00 broadcast 192.168.1.255
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr ac:1f:6b:6d:1c:88
>         index 3 priority 0 llprio 3
>         media: Ethernet autoselect (1000baseT full-duplex,rxpause)
>         status: active
>         inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255
> em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
>         lladdr ac:1f:6b:6d:1c:89
>         index 4 priority 0 llprio 3
>         media: Ethernet autoselect (none)
>         status: no carrier
>         inet 192.168.1.5 netmask 0xffffff00 broadcast 192.168.1.255
> enc0: flags=0<>
>         index 5 priority 0 llprio 3
>         groups: enc
>         status: active
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
>         index 7 priority 0 llprio 3
>         groups: pflog
>
> > netstat -r -n
>
> Routing tables
>
> Internet:
> Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
> default            192.168.1.1        UGS        4       74     -     8 ix0
> 224/4              127.0.0.1          URS        0        4 32768     8 lo0
> 127/8              127.0.0.1          UGRS       0        0 32768     8 lo0
> 127.0.0.1          127.0.0.1          UHhl       3       85 32768     1 lo0
> 192.168.1/24       192.168.1.6        UCn        1       97     -     4 ix0
> 192.168.1/24       192.168.1.4        UCPn       0        2     -     4 em0
> 192.168.1/24       192.168.1.5        CPn        0        0     -     4 em1
> 192.168.1/24       192.168.1.7        CPn        0        0     -     4 ix1
> 192.168.1.1        14:49:bc:16:6c:a8  UHLch      1       39     -     3 ix0
> 192.168.1.4        ac:1f:6b:6d:1c:88  UHLl       0       43     -     1 em0
> 192.168.1.5        ac:1f:6b:6d:1c:89  UHLl       0        0     -     1 em1
> 192.168.1.6        ac:1f:6b:6d:1e:18  UHLl       0        7     -     1 ix0
> 192.168.1.7        ac:1f:6b:6d:1e:19  UHLl       0        0     -     1 ix1
> 192.168.1.255      192.168.1.6        UHb        0      642     -     1 ix0
> 192.168.1.255      192.168.1.4        UHPb       0        0     -     1 em0
> 192.168.1.255      192.168.1.5        HPb        0        0     -     1 em1
> 192.168.1.255      192.168.1.7        HPb        0        0     -     1 ix1
>
> > route -n get default
>
>    route to: 0.0.0.0
> destination: 0.0.0.0
>        mask: 0.0.0.0
>     gateway: 192.168.1.1
>   interface: ix0
>  if address: 192.168.1.6
>    priority: 8 (static)
>       flags: <UP,GATEWAY,DONE,STATIC>
>      use       mtu    expire
>       74         0         0
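
An added example, not part of the original messages: a shell check that reads the default-route interfaces from `netstat -rn` output and compares them with the members of the "egress" group that ifconfig reports, the relationship stated in the ifconfig(8) text quoted above and the one a pf(4) ruleset written against `egress` depends on. The sample text is abridged from the output quoted in this thread, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Sample text is abridged from the output quoted above; on a live system
# pipe `netstat -rn -f inet` and `ifconfig` into the functions instead.

NETSTAT_SAMPLE='Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            192.168.1.1        UGS        4       74     -     8 ix0
192.168.1/24       192.168.1.6        UCn        1       97     -     4 ix0
192.168.1/24       192.168.1.4        UCPn       0        2     -     4 em0'

IFCONFIG_SAMPLE='ix0: flags=2008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LRO> mtu 1500
        index 1 priority 0 llprio 3
        groups: lan egress
        inet 192.168.1.6 netmask 0xffffff00 broadcast 192.168.1.255
ix1: flags=2008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LRO> mtu 1500
        index 2 priority 0 llprio 3
        groups: lan
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        index 3 priority 0 llprio 3
        inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255'

# Interfaces that carry a default route (routing table on stdin).
default_route_ifaces() {
    awk '$1 == "default" { print $NF }' | sort -u
}

# Interfaces whose "groups:" line lists group $1 (ifconfig output on stdin).
group_members() {
    awk -v grp="$1" '
        /^[^ \t]+: flags=/ { ifname = $1; sub(/:$/, "", ifname); next }
        $1 == "groups:"    { for (i = 2; i <= NF; i++) if ($i == grp) print ifname }
    ' | sort -u
}

# Succeeds when the egress members are exactly the default-route interfaces;
# $1 = routing table text, $2 = ifconfig text.
check_egress() {
    routes=$(printf '%s\n' "$1" | default_route_ifaces)
    egress=$(printf '%s\n' "$2" | group_members egress)
    echo "default route via: $(echo $routes)"
    echo "egress members:    $(echo $egress)"
    [ "$routes" = "$egress" ]
}

check_egress "$NETSTAT_SAMPLE" "$IFCONFIG_SAMPLE"
```

A non-zero exit from `check_egress` means the two sets differ, so rules written against `egress` would apply to a different interface than the one the default route uses.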