@pitrh Great lecture, thank you. The dhcpd(8) leases trick is woot woot!!!
May I ask:
- Why not use "modulate state" with "flags S/A"? Especially on Slide 12 (Laptop)?
- I don't understand when to choose between rdr-to or divert-to. Why not use rdr-to for the spamd redirection? What's the key for choosing between those?
- I like the _ prefixed variable name format (like in /etc/rc or /etc/netstart). Can those be used in /etc/pf.conf? Does it even make sense or is it just a matter of taste?
@jcarnat Thanks! Happy to hear you enjoyed it!
The first is mainly to not overcomplicate the slides.
The second, divert-to is more efficient for local (same-system) traffic and spamd was changed to divert-to some releases back (used rdr-to earlier).
For the last, limited tests indicate it would be legal syntax at least:
~$ cat testthis
pass from $_prefix
~$ doas pfctl -vnf testthis
_prefix = "192.168.103.1"
pass inet from 192.168.103.1 to any flags S/SA
@pitrh Thanks a lot for those answers. Crystal clear :)
Do you know if that underscore prefix is « the OpenBSD way » or a fantasy or an error that will be rolled back soon?
I already switched all my ksh scripts to using _. But my pf rules are still using the syntax of your slides. So I’m sure which path to take :p