Interface groups and PF

Contributed by grey on 2005-06-21 from the egress for laptops sounds awesome dept.

Thanks to Jonathan & Henning for pointing out the following neat improvement of adding interface groups to pf: See Henning's mail here:

http://marc.theaimsgroup.com/?l=openbsd-misc&m=111894940807554&w=2

(Comments are closed)

Comments

By bert (216.175.250.42) blambert at thepresidency dot org on 2005-06-21 19:45

Allow me to be the first to say...

f'ing sweet.
By Anonymous Coward (131.202.10.5) on 2005-06-21 20:14

Hmm ... I'm hoping this is going to lead to elegant handling of the disappearing and changing routes that corresponding to changing interfaces) on .. say .. laptops. It would *really* nice to be able to unplug from an ethernet cabled docking station, enable wireless wireless access manually or automatically, then reverse the process, without having to waste time thinking hard or rebooting. MS-Windows actually handles this kind of thing fairly well.
Comments
1. By Anonymous Coward (82.43.92.127) on 2005-06-21 21:12
  
  I think you need to read to the end of Henning's linked message
  Comments
  1. By Anonymous Coward (131.202.10.5) on 2005-06-22 11:31
    
    I did read it, and it sounds like it is leading towards a laptop friendly feature, but I'm not 100% clear on whether this is going to mean routes will be transparently or easily managed when my ethernet cable is unplugged on the fly and I want to switch to wireless instead .. or if it just means pf will have the capacity to slickly handle this situation.
By Anonymous Coward (219.109.232.80) on 2005-06-22 04:29

This is VERY nice. Now if we could get ifconfig to support link aggregation/trunking (802.3ad) that would be even more nice and would compliment this new feature. Afterall, FreeBSD and NetBSD support 802.3ad already, why not OpenBSD which is better for firewall use?

http://www.daemon-systems.org/man/agr.4.html
Comments
1. By djm (203.217.30.86) on 2005-06-22 05:05
  
  There is a trunk(4) interface in current and I have been thinking about .3ad, but it is very complex for what it does. It might make sense to start by making a hashed-rr or sticky-rr mode for trunk first, which would provide most of what you want from .3ad without the complexity (this would be a prequisite for .3ad anyway).
By Anonymous Coward (141.12.66.88) on 2005-06-22 06:49

That's great news *insert smiley with thumb up*
By Anonymous Idiot (68.6.193.220) on 2005-06-22 08:10

What about the girl-kissing interface Theo was talking about the other day?
Comments
1. By Anonymous Coward (146.186.107.33) on 2005-06-22 14:55
  
  Why don't you get a real girl?
  Comments
  1. By Anonymous Coward (212.254.40.98) on 2005-06-22 15:40
    
    what about redundancy? does carp support wetware?
    
    Comments
    
    By Anonymous Coward (12.33.122.68) on 2005-06-22 20:25
    
    yes -- get two carps

Latest Articles

Wed, Apr 24
- 04:35 Game of Trees 0.98 released (0)
Tue, Apr 23
- 05:25 pfctl(8) and systat(8) to display fragment reassembly statistics (0)
Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (12)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (3)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]