From: Claudio Jeker <cjeker@diehard.n-r-g.com>
Subject: Re: do not add default routes with blackhole or reject to the egress group
To: tech@openbsd.org
Date: Wed, 14 May 2025 08:06:28 +0200

On Wed, May 14, 2025 at 06:50:13AM +0100, Jason McIntyre wrote:
> On Wed, May 14, 2025 at 01:54:42AM +0200, Micha?? Markowski wrote:
> > czw., 1 maj 2025 o 20:52 Micha?? Markowski <markowski1@gmail.com> napisa??(a):
> > > Maybe this should be mentioned explicitly in ifconfig(8).
> > >
> > > --- sbin/ifconfig/ifconfig.8
> > > +++ sbin/ifconfig/ifconfig.8
> > > @@ -247,7 +247,11 @@ interface group.
> > >  .It
> > >  The interfaces the default routes point to are members of the
> > >  .Dq egress
> > > -interface group.
> > > +interface group, except for the ones marked with
> > > +.Fl blackhole
> > > +or
> > > +.Fl reject
> > > +flag.
> > >  .It
> > >  IEEE 802.11 wireless interfaces are members of the
> > >  .Dq wlan
> > 
> > Any thoughts on this?
> > 
> 
> i don;t understand it myself - don;t these flags apply to routes, rather
> than interfaces?

The problem is that 'the ones' in the text above refers to routes and not
the interfaces. Interfaces are added to the egress group if a usable
default route uses that interface to send traffic out.  This now excludes
blackhole and reject routes (a change made not that long ago).

> having said that, for your language i suggest either
> 
> 	marked with *the* -blackhole or -reject flag.
> or
> 	marked with -blackhole or -reject.
> 
> jmc
> 

-- 
:wq Claudio