DFly now supports network interface group
Aaron LI
aly at aaronly.me
Sat Aug 11 23:09:11 PDT 2018
Hi all,
I committed the network interface group support to DFly 3 days ago, together
with the fixes to PF for the interface group support.
1. The cloned interface automatically belongs to the group of its device
name, e.g., cloned "tunX" belongs to group of "tun".
2. Group membership is managed by using ifconfig(8):
$ ifconfig tun0 group vpn # add "tun0" to group "vpn"
$ ifconfig tun0 group -vpn # remove "tun0" from group "vpn"
$ ifconfig -g vpn # list the interfaces belonging to group "vpn"
3. The interface group can be used in the same way as the interface name if
PF rules. See pf.conf(5) man page for details.
4. As mentioned by swildner, the net/obhttpd port (OpenBSD HTTP server)
requires the interface group feature to build and run, so it should work now.
NOTE: the "egress" interface group is not supported yet. I'd like to
implement it but it's too complicated for me at the moment. (FreeBSD doesn't
support the "egress" group as well.)
Cheers,
--
Aaron
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20180812/150752c3/attachment.bin>
More information about the Users
mailing list