Hello David,

thanks for nice wrap up of the story...

</snip>
> 
> this change does the following:
> 
> - stores the route info in the state instead of the pf rule
> 
>   this allows route-to to keep working when the ruleset changes, and
>   allows route-to info to be sent over pfsync. there's enough spare bits
>   in pfsync messages that the protocol doesn't break.
> 
>   the caveat is that route-to becomes tied to pass rules that create
>   state, like rdr-to and nat-to.
> 
> - the argument to route-to etc is a destination ip address
> 
>   it's not limited to a next-hop address (though a next-hop can be a
>   destination address). this allows for the failover and load balancing
>   referred to above.
> 
> - deprecates the address@interface host syntax in pfctl
> 
>   because routing is done entirely by IPs, the interface is derived from
>   the route lookup, not pf.

    I think this requires a notion in the changelog.

> 
> this change does not affect some other stuff discussed in the thread:
> 
> - it keeps the current semantic where when route-to changes which
>   interface the packet is travelling over, it runs pf_test again.
> 
>   that's a separate change for broader discussion.
> 

OK sashan
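As an added illustration (not David's diff and not from the thread), a pf.conf fragment written against the semantics quoted above: route-to takes a plain destination address, and because the route info lives in the state, the rule has to be a stateful pass rule. Interface and address values are constructed for the example.

```pf
# Added example, not part of the original message. Assumes the post-change
# syntax where route-to takes a destination IP and the kernel derives the
# outgoing interface from the route lookup. Addresses are constructed
# (TEST-NET ranges), not from any real deployment.
ext_if = "em0"
lan    = "192.168.1.0/24"
gw_a   = "192.0.2.1"
gw_b   = "198.51.100.1"

# Route info is stored in the state entry, so the rule must create state
# (the default for pass). With "no state" there would be nowhere to keep
# the route-to target, which is the caveat the change describes.
# A pool lets states spread across both gateways (load balancing); the
# per-state target also survives a ruleset reload and is carried in pfsync.
pass out on $ext_if inet from $lan to any \
    route-to { $gw_a, $gw_b } round-robin

# Deprecated by this change: the address@interface host syntax, where the
# interface was named in the rule rather than taken from the route lookup.
# pass out on $ext_if inet from $lan to any route-to $gw_a@$ext_if
```

Check the parse with `pfctl -nf /etc/pf.conf` after the upgrade; a rule still using the `address@interface` form is the one to rewrite.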
