On Monday, April 14th, 2025 at 11:42 AM, Daniel Jakots <d...@chown.me> wrote:
> On Mon, 14 Apr 2025 09:33:38 +0000, "otto.cooper"
> otto.coo...@proton.me wrote:
>
> > The problem at hand is how to define the macros ext_if and int_if for
> > a system with multiple interfaces.
> >
> On my router, I use ifconfig's group parameter for that:
> https://man.openbsd.org/ifconfig#group
>
> # grep internal /etc/hostname.*
> /etc/hostname.vlan20:group "internal"
> /etc/hostname.vlan40:group "internal"
>
> etc, and then in pf.conf
>
> # grep internal /etc/pf.conf
> pass in on internal proto { tcp, udp } to (self) port ntp
> pass in on internal proto { tcp, udp } to (self) port domain
> etc
>
> Cheers,
> Daniel

This is a most elegant solution. It leverages the famous groups in /etc/hostname.if, it avoids declaring interface macros in pf.conf, and it works in pf anchors.
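
The layout discussed in this thread, as an added example that is not part of either message: the group-based rules next to the macro form they replace, plus an anchor file that relies on the group name. The addresses, the parent interface em1, the anchor name "guests" and the path /etc/pf.guests.conf are constructed for illustration; only vlan20, vlan40 and the group "internal" come from the thread.

```conf
# --- /etc/hostname.vlan20 (constructed; documentation address range) ---
parent em1 vnetid 20
inet 192.0.2.1 255.255.255.0
group "internal"

# --- /etc/hostname.vlan40 (constructed) ---
parent em1 vnetid 40
inet 198.51.100.1 255.255.255.0
group "internal"

# --- /etc/pf.conf ---
# Macro form, shown for comparison only. The list has to be edited
# by hand whenever an internal interface is added or removed:
#   int_if = "{ vlan20 vlan40 }"
#   pass in on $int_if proto { tcp, udp } to (self) port { domain, ntp }

block return log            # default deny, logged
pass out on egress          # "egress" is the built-in group of the
                            # interface(s) holding the default route

# Group form: matches every interface that carries the group "internal".
pass in on internal proto { tcp, udp } to (self) port { domain, ntp }

# Anchor evaluated only for traffic arriving on the internal group.
anchor "guests" in on internal
load anchor "guests" from "/etc/pf.guests.conf"

# --- /etc/pf.guests.conf (hypothetical anchor file) ---
# Macros defined in /etc/pf.conf are not visible in this file, so
# $int_if could not be used here. The group name needs no definition.
pass in on internal proto tcp to (self) port ssh

# Syntax check without loading the ruleset:
#   pfctl -nf /etc/pf.conf
# Confirm group membership of an interface:
#   ifconfig vlan20 | grep groups
```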