problem with keyword self
Daniel Hartmeier
daniel at benzedrine.cx
Fri Jun 30 09:57:46 UTC 2006
On Fri, Jun 30, 2006 at 11:06:02AM +0400, lev-bazanov at mail.ru wrote:
> There is a problem in pf, when I try to add rules with keyword
> "self". Example:
"self" always translates to IP addresses at load-time. To re-translate,
you have to re-load the ruleset.
In rule addresses (but not tables) you can put an interface name in
parentheses, like (fxp0), which causes run-time translation, i.e. the
rule automatically updates when the interface changes addresses.
From pf.conf(5):
Host name resolution and interface to address translation are done
at ruleset load-time. When the address of an interface (or host
name) changes (under DHCP or PPP, for instance), the ruleset must
be reloaded for the change to be reflected in the kernel.
Surrounding the interface name (and optional modifiers) in parentheses
changes this behaviour. When the interface name is surrounded by
parentheses, the rule is automatically updated whenever the
interface changes its address. The ruleset does not need to be
reloaded. This is especially useful with nat.
Daniel
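
An added example, not part of the original message: a constructed pf.conf fragment that puts the load-time form ("self") beside the run-time form (interface name in parentheses) described above. fxp0 is the interface named in the message; the 10.0.0.0/24 network and port 22 are assumptions chosen for illustration.

```conf
# Constructed pf.conf fragment (illustrative, not from the original post).

ext_if  = "fxp0"            # interface named in the message
int_net = "10.0.0.0/24"     # assumed internal network

# Tables accept "self" and interface names only in their load-time form;
# the parenthesised run-time form is for rule addresses, not tables.
table <local_addrs> const { self }

# Run-time translation: the nat address follows whatever address fxp0
# currently holds (DHCP or PPP), with no ruleset reload.
nat on $ext_if from $int_net to any -> ($ext_if)

block in log on $ext_if all

# Before: "self" is expanded to the host's addresses when the ruleset is
# loaded. After an address change this rule still matches the old
# addresses until the ruleset is reloaded with: pfctl -f /etc/pf.conf
# pass in on $ext_if proto tcp from any to self port 22 keep state

# After: the rule is updated automatically when fxp0 changes address.
pass in on $ext_if proto tcp from any to ($ext_if) port 22 keep state
```

Running `pfctl -s rules` after loading shows the difference: a rule written with "self" is listed with literal IP addresses, while the parenthesised form is listed as (fxp0).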