Date: Fri, 30 Jun 2006 11:57:41 +0200
From: Daniel Hartmeier <daniel@benzedrine.cx>
To: lev-bazanov@mail.ru
Cc: freebsd-pf <freebsd-pf@freebsd.org>
Subject: Re: problem with keyword self
Message-ID: <20060630095741.GE26234@insomnia.benzedrine.cx>
In-Reply-To: <1664838932.20060630110602@mail.ru>
References: <1664838932.20060630110602@mail.ru>

On Fri, Jun 30, 2006 at 11:06:02AM +0400, lev-bazanov@mail.ru wrote:

> There is a problem in pf, when I try to add rules with keyword
> "self". Example:

"self" always translates to IP addresses at load-time. To re-translate,
you have to re-load the ruleset.

In rule addresses (but not tables) you can put an interface name in
parentheses, like (fxp0), which causes run-time translation, i.e. the
rule automatically updates when the interface changes addresses.

From pf.conf(5):

     Host name resolution and interface to address translation are done at
     ruleset load-time.  When the address of an interface (or host name)
     changes (under DHCP or PPP, for instance), the ruleset must be reloaded
     for the change to be reflected in the kernel.  Surrounding the interface
     name (and optional modifiers) in parentheses changes this behaviour.
     When the interface name is surrounded by parentheses, the rule is
     automatically updated whenever the interface changes its address.  The
     ruleset does not need to be reloaded.  This is especially useful with
     nat.

Daniel
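
The difference described in the message above, as an added pf.conf example that is not part of the original e-mail: the load-time forms are shown commented out next to their run-time equivalents. The interface name fxp0 comes from the message; the macros, the internal network and the SSH port are constructed for illustration.

```pf
# Added example, not from the original message.
ext_if  = "fxp0"              # interface named in the message
int_net = "192.168.1.0/24"    # constructed sample network

# --- Translation ---------------------------------------------------------
# Load-time form: $ext_if is replaced by whatever address fxp0 holds when
# the ruleset is loaded. After a DHCP or PPP address change the rule keeps
# translating to the old address until the ruleset is loaded again.
#nat on $ext_if from $int_net to any -> $ext_if

# Run-time form: parentheses make pf track the interface address, so no
# reload is needed when it changes.
nat on $ext_if from $int_net to any -> ($ext_if)

# --- Filtering -----------------------------------------------------------
block in log on $ext_if all

# Load-time form: "self" expands to the host's addresses at load time.
# A new address on fxp0 is not covered, so SSH to it hits the block rule
# above until the ruleset is loaded again.
#pass in on $ext_if proto tcp from any to self port 22 keep state

# Run-time form: follows the current address(es) of fxp0.
pass in on $ext_if proto tcp from any to ($ext_if) port 22 keep state

# Modifiers also work inside the parentheses, as the quoted pf.conf(5)
# text notes; :network tracks the network attached to the interface.
pass out on $ext_if from ($ext_if:network) to any keep state

# --- Checking what was loaded --------------------------------------------
# pfctl -nf /etc/pf.conf   parse only, do not load
# pfctl -f  /etc/pf.conf   load (this is when "self" is translated)
# pfctl -sr                show loaded rules: "self" rules appear with
#                          literal addresses, dynamic ones as (fxp0)
```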