Page MenuHomeFreeBSD
Differential D46577

pf: allow filtering on the receive interface
ClosedPublic
Actions

Authored by kp on Sep 7 2024, 9:34 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 18, 11:14 AM
Unknown Object (File)
Wed, Nov 5, 9:30 AM
Unknown Object (File)
Tue, Nov 4, 2:32 PM
Unknown Object (File)
Oct 27 2025, 8:01 AM
Unknown Object (File)
Oct 26 2025, 12:31 PM
Unknown Object (File)
Oct 25 2025, 1:34 AM
Unknown Object (File)
Oct 24 2025, 3:55 AM
Unknown Object (File)
Oct 24 2025, 3:55 AM
View All 85 Files
Subscribers
ae
farrokhi
glebius
imp
melifaro
vegeta_tuxpowered.net

Details

Reviewers
None
Group Reviewers
network
pfsense
Commits
rG2339ead6384e: pf: allow filtering on the receive interface
Summary

add support to pf for filtering a packet by the interface it was received
on. use the received-on IFNAME filter option on a pf.conf rule to restrict
which packet the interface had to be received on. eg:

pass out on em0 from $foo to $bar received-on fxp0

ive been running this in production for a week now. i find it particularly
usefull with interface groups.

no objections, and a few "i like"s from henning, claudio, deraadt, mpf

Obtained from: OpenBSD, dlg <dlg@openbsd.org>, 95b4320893
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
lib/
libpfctl/
1 line
2 lines
sbin/
pfctl/
37 lines
2 lines
sys/
net/
2 lines
netpfil/
pf/
24 lines
15 lines
1 line
3 lines

Diff 143385

View Options

lib/libpfctl/libpfctl.h

Loading...
View Options

lib/libpfctl/libpfctl.c

Loading...
View Options

sbin/pfctl/parse.y

Loading...
View Options

sbin/pfctl/pfctl_parser.c

Loading...
View Options

sys/net/pfvar.h

Loading...
View Options

sys/netpfil/pf/pf.c

Loading...
View Options

sys/netpfil/pf/pf_ioctl.c

Loading...
View Options

sys/netpfil/pf/pf_nl.h

Loading...
View Options

sys/netpfil/pf/pf_nl.c

Loading...