
pf: allow filtering on the receive interface

Description

pf: allow filtering on the receive interface

add support to pf for filtering a packet by the interface it was received
on. use the received-on IFNAME filter option on a pf.conf rule to restrict
which packet the interface had to be received on. eg:

pass out on em0 from $foo to $bar received-on fxp0

i've been running this in production for a week now. i find it particularly
useful with interface groups.

no objections, and a few "i like"s from henning, claudio, deraadt, mpf

Obtained from: OpenBSD, dlg <dlg@openbsd.org>, 95b4320893
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46577
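
An added pf.conf example, not part of the commit or of the FreeBSD or OpenBSD sources, showing the interface-group use the message mentions. The interface names, the group name "guest", and the <mgmt> table and its address range are assumptions made for illustration.

```conf
# Constructed example. Assumed names: em0 (uplink), igb1/igb2 (guest ports),
# interface group "guest", table <mgmt> (documentation address range).
# Interfaces are placed in the group outside pf, for example:
#   ifconfig igb1 group guest
#   ifconfig igb2 group guest

ext_if = "em0"
table <mgmt> const { 192.0.2.0/28 }

# Default deny; everything below is an explicit exception.
block log all

# Nothing that entered the firewall on a guest port is forwarded toward the
# management hosts, whichever outgoing interface routing selects for it.
block out log quick inet from any to <mgmt> received-on guest

# Guest traffic is accepted on the guest ports for a few services ...
pass in on guest inet proto { tcp, udp } from any to any port { 53, 80, 443 }

# ... and is let out the uplink based on where the packet was received,
# not on a source address the sender chooses.
pass out on $ext_if inet from any to any received-on guest
```

Adding a third guest port then only requires putting it in the group; the ruleset itself does not change.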

Details

Provenance
kp authored on Aug 29 2024, 7:41 AM
Differential Revision
D46577: pf: allow filtering on the receive interface
Parents
rG50ecaf1bd46a: pf: use AF_INET6 when comparing IPv6 addresses