Stuart Henderson wrote on 2015-04-28 15:55:
Actually this is a bit odd, can't reproduce it here on 5.5 or -current.
I'm running 5.5 GENERIC.MP
SHA256 (/sbin/pfctl) =
9b84b5b3d846cf2f4c4a189d9711cc5d00c4ea096431df4eaea57ebfcd29de8c
Actually this is a bit odd, can't reproduce it here on 5.5 or -current.
Using a single interface (ex. vlan) will only produce one line (as I expect it to do) in the pfctl -s rules output.
This is probably the simplest fix. The actual packets you want to filter show up on the vlan interfaces anyway.
You're right, this would be the best solution at the moment.
M
On 2015-04-27, Brian S. Vangsgaard wrote:
> When using interface groupnames in my pf.conf, I see the same rule 4
> times when doing a pfctl -s rules.
>
> The interface group I'm using has a vlan and carp member.
>
> Ex.
> pass in on groupA from groupA:network to groupB:network tag A_TO_B
It's
"Lists
A list allows the specification of multiple similar criteria within a rule.
For example, multiple protocols, port numbers, addresses, etc. So, instead of
writing one filter rule for each IP address that needs to be blocked, one rule
can be written by specifying the IP addresses in a lis
http://www.openbsd.org/faq/pf/macros.html
"Lists
A list allows the specification of multiple similar criteria within a rule.
For example, multiple protocols, port numbers, addresses, etc. So, instead of
writing one filter rule for each IP address that needs to be blocked, one rule
can be written
Hi,
I'm getting a strange output from pfctl that I cannot explain, perhaps someone lurking the list has the answer?
When using interface groupnames in my pf.conf, I see the same rule 4
times when doing a pfctl -s rules.
The interface group I'm using has a vlan and carp member.
Ex.
pass