problem with keyword self

Daniel Hartmeier daniel at benzedrine.cx
Fri Jun 30 09:57:46 UTC 2006


On Fri, Jun 30, 2006 at 11:06:02AM +0400, lev-bazanov at mail.ru wrote:

> There is a problem in pf, when I try to add rules with keyword
> "self". Example:

"self" always translates to IP addresses at load-time. To re-translate,
you have to re-load the ruleset.

In rule addresses (but not tables) you can put an interface name in
parentheses, like (fxp0), which causes run-time translation, i.e. the
rule automatically updates when the interface changes addresses.

From pf.conf(5)

     Host name resolution and interface to address translation are done
     at ruleset load-time.  When the address of an interface (or host
     name) changes (under DHCP or PPP, for instance), the ruleset must
     be reloaded for the change to be reflected in the kernel.
     Surrounding the interface name (and optional modifiers) in
     parentheses changes this behaviour.  When the interface name is
     surrounded by parentheses, the rule is automatically updated
     whenever the interface changes its address.  The ruleset does not
     need to be reloaded.  This is especially useful with nat.

Daniel
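
The difference described in the message above, as an added pf.conf fragment that is not part of the original post. The interface name fxp0 comes from the message; the 10.0.0.0/24 internal network and the SSH port are assumptions chosen for illustration.

```conf
# Added example, not from the original message.
# Assumptions: fxp0 is the external (DHCP/PPP) interface,
# 10.0.0.0/24 is the internal network, SSH is the service allowed in.

ext_if  = "fxp0"
int_net = "10.0.0.0/24"

# Run-time translation: ($ext_if) follows the interface's current
# address, so outbound NAT keeps working after a DHCP or PPP renumber
# without reloading the ruleset.
nat on $ext_if inet from $int_net to any -> ($ext_if)

block in log on $ext_if all

# Load-time translation: "self" is expanded to the addresses the host
# has at the moment the ruleset is loaded. After an address change this
# rule still matches the OLD address until the ruleset is reloaded, so
# SSH to the new address falls through to the block rule above.
pass in on $ext_if inet proto tcp from any to self port 22 keep state

# Run-time translation: same intent, but the rule tracks the
# interface's address automatically.
pass in on $ext_if inet proto tcp from any to ($ext_if) port 22 keep state
```

Running `pfctl -nvf /etc/pf.conf` parses the file without loading it and prints the rules as pf will see them: the `self` rule appears expanded to literal addresses, while the parenthesized rules keep `(fxp0)`.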

