Page MenuHomeFreeBSD
Differential D46577

pf: allow filtering on the receive interface
ClosedPublic
Actions

Authored by kp on Sep 7 2024, 9:34 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, May 10, 6:40 PM
Unknown Object (File)
Sun, May 10, 6:40 PM
Unknown Object (File)
Mon, Apr 27, 8:05 PM
Unknown Object (File)
Mon, Apr 27, 7:42 AM
Unknown Object (File)
Apr 19 2026, 7:31 PM
Unknown Object (File)
Apr 11 2026, 1:54 AM
Unknown Object (File)
Apr 8 2026, 4:42 PM
Unknown Object (File)
Apr 8 2026, 4:59 AM
View All Files
Subscribers
ae
farrokhi
glebius
imp
melifaro
vegeta_tuxpowered.net

Details

Reviewers
None
Group Reviewers
network
pfsense
Commits
rG2339ead6384e: pf: allow filtering on the receive interface
Summary

add support to pf for filtering a packet by the interface it was received
on. use the received-on IFNAME filter option on a pf.conf rule to restrict
which packet the interface had to be received on. eg:

pass out on em0 from $foo to $bar received-on fxp0

ive been running this in production for a week now. i find it particularly
usefull with interface groups.

no objections, and a few "i like"s from henning, claudio, deraadt, mpf

Obtained from: OpenBSD, dlg <dlg@openbsd.org>, 95b4320893
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
lib/
libpfctl/
1 line
2 lines
sbin/
pfctl/
37 lines
2 lines
sys/
net/
2 lines
netpfil/
pf/
24 lines
15 lines
1 line
3 lines

Diff 143385

View Options

lib/libpfctl/libpfctl.h

Loading...
View Options

lib/libpfctl/libpfctl.c

Loading...
View Options

sbin/pfctl/parse.y

Loading...
View Options

sbin/pfctl/pfctl_parser.c

Loading...
View Options

sys/net/pfvar.h

Loading...
View Options

sys/netpfil/pf/pf.c

Loading...
View Options

sys/netpfil/pf/pf_ioctl.c

Loading...
View Options

sys/netpfil/pf/pf_nl.h

Loading...
View Options

sys/netpfil/pf/pf_nl.c

Loading...