Download raw body.
do not add default routes with blackhole or reject to the egress group
do not add default routes with blackhole or reject to the egress group
do not add default routes with blackhole or reject to the egress group
On Wed, May 14, 2025 at 08:24:14AM +0000, Klemens Nanni wrote: > 14 ?????? 2025?????. 06:29:03 UTC, Theo Buehler <tb@theobuehler.org> ??????????: > >On Wed, May 14, 2025 at 08:22:07AM +0200, Claudio Jeker wrote: > >> On Wed, May 14, 2025 at 07:11:04AM +0100, Jason McIntyre wrote: > >> > On Wed, May 14, 2025 at 08:06:28AM +0200, Claudio Jeker wrote: > >> > > On Wed, May 14, 2025 at 06:50:13AM +0100, Jason McIntyre wrote: > >> > > > On Wed, May 14, 2025 at 01:54:42AM +0200, Micha?? Markowski wrote: > >> > > > > czw., 1 maj 2025 o 20:52 Micha?? Markowski <markowski1@gmail.com> napisa??(a): > >> > > > > > Maybe this should be mentioned explicitly in ifconfig(8). > >> > > > > > > >> > > > > > --- sbin/ifconfig/ifconfig.8 > >> > > > > > +++ sbin/ifconfig/ifconfig.8 > >> > > > > > @@ -247,7 +247,11 @@ interface group. > >> > > > > > .It > >> > > > > > The interfaces the default routes point to are members of the > >> > > > > > .Dq egress > >> > > > > > -interface group. > >> > > > > > +interface group, except for the ones marked with > >> > > > > > +.Fl blackhole > >> > > > > > +or > >> > > > > > +.Fl reject > >> > > > > > +flag. > >> > > > > > .It > >> > > > > > IEEE 802.11 wireless interfaces are members of the > >> > > > > > .Dq wlan > >> > > > > > >> > > > > Any thoughts on this? > >> > > > > > >> > > > > >> > > > i don;t understand it myself - don;t these flags apply to routes, rather > >> > > > than interfaces? > >> > > > >> > > The problem is that 'the ones' in the text above refers to routes and not > >> > > the interfaces. Interfaces are added to the egress group if a usable > >> > > default route uses that interface to send traffic out. This now excludes > >> > > blackhole and reject routes (a change made not that long ago). > >> > > > >> > > > having said that, for your language i suggest either > >> > > > > >> > > > marked with *the* -blackhole or -reject flag. > >> > > > or > >> > > > marked with -blackhole or -reject. > >> > > > > >> > > > jmc > >> > > > > >> > > > >> > > -- > >> > > :wq Claudio > >> > > > >> > > >> > right, meaning that an interface can have blackhole or reject set on a > >> > route, and still have a usable default route marked "egress". > >> > > >> > i.e. the diff is not correct? > >> > >> Yes, in theory that is possible but not very likely. > >> > >> -reject and -blackhole routes must use lo(4) as interface. I think we tell > >> people to use 127.0.0.1 as nexthop for those routes. > >> > >> You need to add routes at different priority to have multiple default > >> routes over the same interface. > >> > >> So something like: > >> route add default -priority 56 -blackhole 127.0.0.1 > >> route add default -priority 8 127.0.0.1 > >> > >> Would mark lo0 as egress but the -blackhole route will never match since > >> it is fully covered by the higher priority (8) route. > >> > >> Side note: > >> In general using egress in pf.conf nat-to rules is tricky if there are > >> multiple default routes on the system. E.g. if you have wired and wireless > >> and umb all active at once. The nat-to rule may select the wrong address > >> for outgoing traffic. > > > >Does this work? I dropped the inline Xr since it always became awkward. > > Sure, OK kn > > Two variations online that perhaps read a tad better. > YMMV, feel free to incorporate or ignore. > > What do native speakers say about all vs. any? > I used any where conditions applied, but can't really put a finger on any grammar rule to decide what's the right way. > i don;t discern much difference myself. i guess it's a matter of taste. in all honesty, you could remove "all" or "any" and it would make sense. i think "any" is there because it was used as a starting point to edit the text. jmc > > > >Index: ifconfig.8 > >=================================================================== > >RCS file: /cvs/src/sbin/ifconfig/ifconfig.8,v > >diff -u -p -r1.404 ifconfig.8 > >--- ifconfig.8 13 May 2025 15:11:54 -0000 1.404 > >+++ ifconfig.8 14 May 2025 06:28:44 -0000 > >@@ -231,9 +231,8 @@ Some interfaces belong to specific group > > .It Cm all > > All interfaces. > > .It Cm egress > >-Any interfaces in the default > >-.Xr rdomain 4 > >-to which default routes point to. > >+All interfaces to which default routes point that are in rdomain 0 > >+but not blackhole or reject routes. > > Any interfaces in rdomain 0 to which default routes (except blackhole or reject) point. > > Any interfaces to which default routes, not including blackhole or reject ones, point to in the default rdomain 0. > > > .It Cm netboot > > Any interfaces used for network booting, e.g. via > > .Xr pxeboot 8 . > >@@ -2480,6 +2479,7 @@ tried to alter an interface's configurat > > .Xr inet 4 , > > .Xr intro 4 , > > .Xr netintro 4 , > >+.Xr rdomain 4 , > > .Xr rtable 4 , > > .Xr hostname.if 5 , > > .Xr hosts 5 , > > >
do not add default routes with blackhole or reject to the egress group
do not add default routes with blackhole or reject to the egress group
do not add default routes with blackhole or reject to the egress group