PF, The OpenBSD Packet Filter: Building The Network You Need: BSDCan, Ottawa, June 10th 2015 | ||
---|---|---|
Prev | Next |
tag packets incoming, block or pass outgoing based on tags
eg in a net with several NATing access points, you tag incoming traffic
wifi = "{ 10.0.0.115, 10.0.0.125, 10.0.0.135, 10.0.0.145 }" pass in on $int_if from $wifi to $wifi_allowed port \ $wifi_ports tag wifigood ... pass out on $ext_if tagged wifigood
Then pass or block based on the tag
NOTE: tags are sticky and could be overwritten - all matching tag rules tag, last tag stays