| Building The Network You Need With PF, The OpenBSD Packet Filter: BSDCan 2016, Ottawa, Canada, June 8th 2016 | ||
|---|---|---|
| Prev | Next | |
tag packets incoming, block or pass outgoing based on tags
eg in a net with several NATing access points, you tag incoming traffic
wifi = "{ 10.0.0.115, 10.0.0.125, 10.0.0.135, 10.0.0.145 }"
pass in on $int_if from $wifi to $wifi_allowed port \
$wifi_ports tag wifigood
...
pass out on $ext_if tagged wifigoodThen pass or block based on the tag
NOTE: tags are sticky and could be overwritten - all matching tag rules tag, last tag stays