From owner-freebsd-net@FreeBSD.ORG Sun Mar 9 23:32:29 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A29CF990 for ; Sun, 9 Mar 2014 23:32:29 +0000 (UTC) Received: from mail-pd0-x22a.google.com (mail-pd0-x22a.google.com [IPv6:2607:f8b0:400e:c02::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 71DAD2DB for ; Sun, 9 Mar 2014 23:32:29 +0000 (UTC) Received: by mail-pd0-f170.google.com with SMTP id v10so6335558pde.29 for ; Sun, 09 Mar 2014 16:32:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ae-35.com; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=SZBvQiEDZsV5DNgIVXwFWjQKrPf+h0EXLceJzrDtiWs=; b=IfDMCtvcuhcRlhhUnD6rc51aFZCpRBHdVOQnREBpNNmKVHSHfwFHto5LcYfc5PqoxZ KOPL2ZeswnMnq/u+ewYQ8Xa6J+b+pUd/eI5wYg75Qe3FaxsrFW4bUbUbL4qYX4Chxu5J 8yDgHKE0UMt90R1pxhtL1JQLLrDqMA/VeVHKE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type; bh=SZBvQiEDZsV5DNgIVXwFWjQKrPf+h0EXLceJzrDtiWs=; b=XwGXeU8bj/+a3gbSc0GIl08+xCIV9V/k3JOdm+2YBkykKp/ptOqBuVQtrSYrwhkyKK ZdIjyuQacecNkl3Pe0AdHbq5wr9sh1NFSFeLFZz6Ie74Wd3x/fmaUokkQ2WFdlWxp76n /3z+OHkq1RFX4knhC1orx7jE3rqkPfsIA/Q1+wk7bZ1V3ByOM61HiGvJbLZj3f0EBQfW FzvMuO7qKn/GNRIREH5QijU9khy/D4rXzbpl5Eb29N1gsXO5qvDpEkgmw/tpP135583G ryw/7DzddrKSpHJt2UQCI2uiYXCxcfB8fxSCAOZFfV1vcU1ypt0/C9/WA8cwyz6PVR7z 8XiQ== X-Gm-Message-State: ALoCoQkmB1U8ruNUW16qSt3Zini/Fvrvtiu+Ze3vdFV1xIQ/EKl5vjOsQ5hAaI3hajXN+7/c/Hop X-Received: by 10.66.151.205 with SMTP id us13mr36069224pab.93.1394407948689; Sun, 09 Mar 2014 16:32:28 -0700 (PDT) MIME-Version: 1.0 Received: by 10.70.98.132 with HTTP; Sun, 9 Mar 2014 16:32:08 -0700 (PDT) X-Originating-IP: [109.224.162.206] In-Reply-To: <20140309231829.GG32089@funkthat.com> References: <20140309231829.GG32089@funkthat.com> From: =?ISO-8859-1?Q?Andr=E9_Lucas?= Date: Sun, 9 Mar 2014 23:32:08 +0000 Message-ID: Subject: Re: Using pf.conf with public access points. To: Joe Nosay , freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.17 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Mar 2014 23:32:29 -0000 On 9 March 2014 23:18, John-Mark Gurney wrote: > Joe Nosay wrote this message on Sun, Mar 09, 2014 at 15:36 -0400: > > 2. How do I compensate for the use of public access points when the IP > > addresses will always be different? > > it doesn't appear that pf has this ability, but it looks like ipfw > has this, from ipfw(8): > me matches any IP address configured on an interface in > the > system. > > So, maybe switching to ipfw might be an option.. > pf can follow the IP address of an interface. From the pf.conf(5) manual page, "When the interface name is surrounded by parentheses, the rule is automatically updated whenever the interface changes its address. The ruleset does not need to be reloaded. This is especially useful with nat." -Andr=E9