On Thu, Jun 05, 2008 at 07:59:09PM +0400, Yuri Spirin wrote:
> Hello, misc.
>
> In pf.conf syntax there is a "self" keyword which means all addresses
> assigned to all interfaces.
>
> r1:/root# grep self /etc/pf.conf
> table <this_box> persist { self }
> r1:/root#
> r1:/root# pfctl -T show -t this_box
> 10.1.1.1
> 10.3.3.3
> 127.0.0.1
> r1:/root# ifconfig tun2 10.3.3.5
> r1:/root# pfctl -T show -t this_box
> 10.1.1.1
> 10.3.3.3
> 127.0.0.1
> r1:/root# ifconfig tun2 10.3.3.10
> r1:/root# pfctl -T show -t this_box
> 10.1.1.1
> 10.3.3.3
> 127.0.0.1
> r1:/root#
> r1:/root# pfctl -f /etc/pf.conf
> r1:/root# pfctl -T show -t this_box
> 10.1.1.1
> 10.3.3.10
> 127.0.0.1
>
> Is it possible to automatically update rules and tables containing
> the "self" keyword when an interface address changes (like the "($ext_if)"
> behaviour)? Did I miss something in the manual?

grep self /etc/pf.conf
table <this_box> persist { (self) }
pfctl -f /etc/pf.conf -n
/etc/pf.conf:21: dynamic addresses are not permitted inside tables

So, can't really put it in a table, but putting '(self)' in a rule should
work (when I tried it, pfctl -sr shows (self) and not an IP).

> --
> Regards,
> Yuri A. Spirin
> mailto:[EMAIL PROTECTED]
--
viq
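
The stale table shown in the thread (10.3.3.3 still listed after tun2 moved to 10.3.3.10) can be detected by comparing interface addresses with the table contents. The script below is an added example, not part of the original messages; the ifconfig sample, the em0 interface name and the function names are constructed for illustration, and it handles IPv4 only.

```shell
# IPv4 addresses from ifconfig output on stdin.
iface_addrs() {
    awk '$1 == "inet" { print $2 }' | LC_ALL=C sort -u
}

# IPv4 entries from "pfctl -T show -t <table>" output on stdin.
table_addrs() {
    awk 'NF && $1 !~ /:/ { print $1 }' | LC_ALL=C sort -u
}

# table_drift WANT HAVE: "+addr" is on an interface but not in the table,
# "-addr" is still in the table but no longer on any interface.
table_drift() {
    {
        printf '%s\n' "$1" | sed 's/^/W /'
        printf '%s\n' "$2" | sed 's/^/H /'
    } | awk '
        NF == 2 && $1 == "W" { want[$2] = 1 }
        NF == 2 && $1 == "H" { have[$2] = 1 }
        END {
            for (a in want) if (!(a in have)) print "+" a
            for (a in have) if (!(a in want)) print "-" a
        }' | LC_ALL=C sort
}

# Constructed sample: ifconfig after "ifconfig tun2 10.3.3.10" (em0 assumed).
SAMPLE_IFCONFIG='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33208
        inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.1.1.1 netmask 0xffffff00 broadcast 10.1.1.255
tun2: flags=51<UP,POINTOPOINT,RUNNING> mtu 1500
        inet 10.3.3.10 --> 0.0.0.0 netmask 0xffffffff'

# Table contents as shown in the thread before the reload.
SAMPLE_TABLE='   10.1.1.1
   10.3.3.3
   127.0.0.1'

demo_drift() {
    table_drift "$(printf '%s\n' "$SAMPLE_IFCONFIG" | iface_addrs)" \
                "$(printf '%s\n' "$SAMPLE_TABLE" | table_addrs)"
}
demo_drift

# On the firewall itself (commands as used in the thread):
#   drift=$(table_drift "$(ifconfig | iface_addrs)" \
#                       "$(pfctl -T show -t this_box | table_addrs)")
#   [ -z "$drift" ] || pfctl -f /etc/pf.conf
```

Run from cron or an interface-change hook, a non-empty result means rules that match on the table are being evaluated against addresses the box no longer holds.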