[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PF '$if:network' syntax with more than one interface IP.



On Wednesday 04 August 2004 15.40, Henning Brauer wrote:
> * Per-Olov Sjöholm <[email protected]> [2004-08-04 15:20]:
> > But I also assumed that I should be able to
> > use $if:1 as well when I have a "inet alias" in my hostname.fxp1 file.
>
> as aliases are just that, aliases, without a special hirarchy or order
> or such, this cannot possibly work. Which of the, say, 10 aliases is
> the omne referred to with fxp0:1?
> That cannot work.
The logic could maybe be the order the IP alias appear in the hostname.if file 
($if:1 = alias no 1, $if:2 = alias no 2 etc). That would be an easy way... 
But there are maybe drawbacks with that ? One drawback could be that you will 
have a different ruleset if the alias order in hostname.if is changed. And 
that is of course not so good. 
But it should be ok if you just have one alias. Wouldn't it ? So the ruleset 
reload could reject this syntax if the hostname.if file contains more than 
one alias  otherwise accept both $if:0 and $if:1. 
Another solution that would work for many aliases could be an optional alias 
num in the hostname.if file ? Then the order doesn't matter.
>
> and, well, come on.
> you want a specific IP, so use that in your ruleset.
Your right. I can put in the IP:s in the ruleset (I have that today). But I 
like the way Solaris treat this hostname.if:0, hostname.if:1 etc.. And that 
was how this thread was started from the beginning. I also liked the 
$if:network and $if.broadcast syntax. And therfor I wanted to check if it was 
possible to do what we just discussed. 
But ok. Now I know it's not possibe. Well not in todays code...
Thanks for the answer
/Per-Olov