Page MenuHomeFreeBSD
Differential D46577

pf: allow filtering on the receive interface
ClosedPublic
Actions

Authored by kp on Sep 7 2024, 9:34 AM.
Tags
None
Referenced Files
F142814678: D46577.id143385.diff
Fri, Jan 23, 9:02 PM
Unknown Object (File)
Fri, Jan 23, 3:35 AM
Unknown Object (File)
Thu, Jan 22, 8:03 PM
Unknown Object (File)
Dec 20 2025, 12:39 PM
Unknown Object (File)
Dec 17 2025, 12:41 PM
Unknown Object (File)
Dec 10 2025, 12:46 PM
Unknown Object (File)
Dec 4 2025, 6:20 AM
Unknown Object (File)
Nov 18 2025, 11:14 AM
View All 92 Files
Subscribers
ae
farrokhi
glebius
imp
melifaro
vegeta_tuxpowered.net

Details

Reviewers
None
Group Reviewers
network
pfsense
Commits
rG2339ead6384e: pf: allow filtering on the receive interface
Summary

add support to pf for filtering a packet by the interface it was received
on. use the received-on IFNAME filter option on a pf.conf rule to restrict
which packet the interface had to be received on. eg:

pass out on em0 from $foo to $bar received-on fxp0

ive been running this in production for a week now. i find it particularly
usefull with interface groups.

no objections, and a few "i like"s from henning, claudio, deraadt, mpf

Obtained from: OpenBSD, dlg <dlg@openbsd.org>, 95b4320893
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
lib/
libpfctl/
1 line
2 lines
sbin/
pfctl/
37 lines
2 lines
sys/
net/
2 lines
netpfil/
pf/
24 lines
15 lines
1 line
3 lines

Diff 143385

View Options

lib/libpfctl/libpfctl.h

Loading...
View Options

lib/libpfctl/libpfctl.c

Loading...
View Options

sbin/pfctl/parse.y

Loading...
View Options

sbin/pfctl/pfctl_parser.c

Loading...
View Options

sys/net/pfvar.h

Loading...
View Options

sys/netpfil/pf/pf.c

Loading...
View Options

sys/netpfil/pf/pf_ioctl.c

Loading...
View Options

sys/netpfil/pf/pf_nl.h

Loading...
View Options

sys/netpfil/pf/pf_nl.c

Loading...