Re: Translate IPFW rules to PF rules



"Bert Moorthaemer" <nospam.bert.moorthaemer@xxxxxxxxxx> writes:

Hi Ross,

Thanks! I already saw some references to the "self" keyword, but I couldn't
find anything about it in the documentation.

"Ross Alexander" <rwa@xxxxxxxxxxxxxx> wrote in message
first, get a table into scope and load it up with the necessary values:

    table <SELF> persist { self }

then refer to <SELF> in the obvious way. [...]

Bert,

One caveat with this technique is that if you have interfaces that
come and go - i.e., dynamically created GRE tunnel endpoints or that
sort of thing - the <SELF> table will need to be manually updated as
the new self-IP addrs appear and again as they disappear. It doesn't
happen automagically, which is Something to Know.

    pfctl -t SELF -T add new.self.ip.addr
    pfctl -t SELF -T delete old.self.ip.addr

However, if you load your pf rules after you've created and assigned
all your interfaces you needn't worry about this, because the "self"
reserved word DOES track the comings and goings of interfaces.

Another trick I often use is to add the broadcast addresses for my
various nets to <SELF> (and sometimes 255.255.255.255 as well), then
things like

    anchor to_self inet from any to <SELF>

have a more intuitive meaning. So the table setup might become

    table <SELF> persist { \
        self, \
        $Ext_If:broadcast, \
        $Int_If:broadcast, \
        $DMZ_If:broadcast, \
        255.255.255.255 \
    }

and so on.

regards,
Ross
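
Added example, not part of Ross's post: a dry-run check that compares the contents of <SELF> with the IPv4 and broadcast addresses interfaces hold now, and prints the pfctl add/delete commands from the message for whatever has drifted. The function names and every address in the sample data are constructed for illustration; only IPv4 is handled.

```shell
#!/bin/sh
# Added example (not from the original post): work out which pfctl add/delete
# commands bring <SELF> back in line with the addresses interfaces hold now.

# Read ifconfig-style text on stdin; print each IPv4 address and, following
# the broadcast trick in the post, each broadcast address.
wanted_from_ifconfig() {
    awk '$1 == "inet" {
        print $2
        for (i = 3; i < NF; i++) if ($i == "broadcast") print $(i + 1)
    }' | sort -u
}

# self_table_diff TABLE_CONTENTS WANTED
# Both arguments are newline-separated address lists. Prints one pfctl command
# per missing or stale address, and nothing when the table is already in sync.
# The body is a subshell so "set -f" (no globbing) does not leak to the caller.
self_table_diff() (
    set -f
    have=$(printf '%s\n' "$1" | tr -d ' \t' | sort -u)
    want=$(printf '%s\n' "$2" | tr -d ' \t' | sort -u)
    for a in $want; do
        case $a in *[!0-9./]*) continue ;; esac   # skip anything not address-shaped
        printf '%s\n' "$have" | grep -Fxq -- "$a" || echo "pfctl -t SELF -T add $a"
    done
    for a in $have; do
        case $a in *[!0-9./]*) continue ;; esac
        printf '%s\n' "$want" | grep -Fxq -- "$a" || echo "pfctl -t SELF -T delete $a"
    done
)

# Constructed sample: a gre0 tunnel has appeared since the ruleset was loaded,
# and 198.51.100.9 belonged to a tunnel that has since been destroyed.
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
gre0: flags=9051<UP,POINTOPOINT,RUNNING,LINK0,MULTICAST> mtu 1476
    inet 10.0.0.1 --> 10.0.0.2 netmask 0xffffffff'
SAMPLE_TABLE='   192.0.2.1
   192.0.2.255
   198.51.100.9'

# Dry run: print the plan. On a live host the two inputs would come from
# `pfctl -t SELF -T show` and `ifconfig | wanted_from_ifconfig`.
self_table_diff "$SAMPLE_TABLE" "$(printf '%s\n' "$SAMPLE_IFCONFIG" | wanted_from_ifconfig)"
```

Static entries such as 255.255.255.255 are not reported by ifconfig, so append them to the wanted list or they will show up as stale.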