On 12/4/09, Alexander Bochmann <[email protected]> wrote:
> Hi,
>
> did anything change in regard to pf rules with the
> route-to option in recent versions of OpenBSD?
>
> I've just reinstalled an old system that was running
> OpenBSD 3.9 with 4.6, and gave it my old pf rulesets.
>
> There is a rule that is supposed to send all traffic
> originating from a certain local network into a tunnel
> instead of to the default gateway. Which it did with 3.9.
>
> Now it seems to do nothing - outgoing traffic just
> follows the default route, regardless of the route-to
> rule.
>
> It was basically something like this:
>
> pass in quick on $int_if route-to $vpn_if from $special_net \
> to ! <localnets> keep state
>
> (The relevant traffic comes in through $vpn_if by itself.)
>
> Also tried binding the rule on the external interface,
> and using the route-to syntax with gateway address,
> but that didn't work either.
>
> Alex.
>
pf has virtually been rewritten in that time.... http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c

