
Re: PF "$if:network" syntax with more than one interface IP.

Per-Olov Sjöholm wrote:

Hi !

I have used "$if:network" and "$if:broadcast" a lot to avoid specifying macros with IP addresses. However, I have recently fixed myself a second public IP on my internet interface. Now I see the limitations with this and have to go back and specify the IPs directly in pf.conf (for the Internet interface) as I don't want both my public IPs expanded in the ruleset. If I specify "$if:network", both addresses are expanded.

If you're using 3.5, you can do the following:

"$if:0:network" or "$if:0:broadcast"

It will also work for dynamic addresses, like:

"($if:0:network)" or "($if:0:broadcast)"

The question:
Is it possible to fix the interface à la Solaris, where you can specify interfaces, for example "hme0:1", "hme0:2" etc., where you have a separate interface name for each IP on the same physical interface? Then it would still be possible to use the syntax above that I really like.