
Re: pf(4) schemantics



> Well, yeah, they do, but why have pf(4) look at them both on in and out
> and on the same interface?
Well, among other reasons, because traffic can originate on the firewall.
> set filter interface {vlan01, vlan02, vlan03}
> 
> The rest is invisible to pf(4).
er:
trusted_ifs = "{ vlan04, vlan05, ..., vlan09, lo0 }"
pass in quick on $trusted_ifs all
pass out quick on $trusted_ifs all
am I missing something?
-kj