PF PF and VLANs

[jbo@]

The FreeBSD handbook explains how to setup VLANs. However, I couldn't find information of how to use VLANs in a PF configuration.
Assuming that I have one or more VLANs assigned to the network interface igb0 - which show up as igb0.5 etc - do I just use igb0.5 as the network interface within the PF configuration?

 

[maldenvik]

That would work or as an alias
vlan="igb0.5"
or pass in on igb0.5
which suits you best.

 

[pos]

Noting special at all for VLAN:s with PF. It is like maldenvik said....

An /etc/rc.conf example. This is however just one way.
FreeBSD is very flexible. So there are a couple of more ways to set it up.

### WAN INT ###
ifconfig_ix3_name="wan0"
# You should disable LRO and TSO if this machine will route packets.
ifconfig_wan0="inet <WAN_IP> netmask <WAN_MASK> -lro -tso4 -tso6 -vlanhwtso"
ifconfig_wan0_alias0="inet <EVENTUAL_ALIAS_IP> netmask <MASK>"

## ALL VLANS ###
# You should disable LRO and TSO if this machine will route packets. I.e a FW...
ifconfig_ix2="up -lro -tso4 -tso6 -vlanhwtso"
vlans_ix2="vlan2 vlan3 vlan4 vlan899"

create_args_vlan2="vlan 2"
ifconfig_vlan2="inet <PUT_AN_IPV4_HERE_WITH_MASK>"
ifconfig_vlan2_ipv6="inet6 <PUT_AN_IPV6_HERE_WITH_MASK>"
ifconfig_vlan2_descr="Local LAN network (vlan 2)"

create_args_vlan3="vlan 3"
ifconfig_vlan3="inet <PUT_AN_IPV4_HERE_WITH_MASK>"
ifconfig_vlan3_ipv6="inet6 <PUT_AN_IPV6_HERE_WITH_MASK>"
ifconfig_vlan3_descr="DMZ1 network (vlan 3)"

create_args_vlan4="vlan 4"
ifconfig_vlan4="inet <PUT_AN_IPV4_HERE_WITH_MASK>"
ifconfig_vlan4_ipv6="inet6 <PUT_AN_IPV6_HERE_WITH_MASK>4"
ifconfig_vlan4_descr="DMZ2 network (vlan 4)"

create_args_vlan899="vlan 899"
ifconfig_vlan899="inet <PUT_AN_IPV4_HERE_WITH_MASK>"
ifconfig_vlan899_descr="Guest network (vlan 899)"

### In PF variable section....
LAN_INT="vlan2"
DMZ1_INT="vlan3"
DMZ2_INT="vlan4"
GUEST_INT="vlan899"
INTERNET_INT="wan0"

Then just use them as usual.

pass in quick on $LAN_INT ....