From: Daniel Hartmeier
Date: Fri, 30 Jun 2006 11:57:41 +0200
To: lev-bazanov@mail.ru
Cc: freebsd-pf
Subject: Re: problem with keyword self
Message-ID: <20060630095741.GE26234@insomnia.benzedrine.cx>
In-Reply-To: <1664838932.20060630110602@mail.ru>

On Fri, Jun 30, 2006 at 11:06:02AM +0400, lev-bazanov@mail.ru wrote:

> There is a problem in pf, when I try to add rules with keyword
> "self". Example:

"self" always translates to IP addresses at load-time. To re-translate,
you have to re-load the ruleset.

In rule addresses (but not tables) you can put an interface name in
parentheses, like (fxp0), which causes run-time translation, i.e. the
rule automatically updates when the interface changes addresses.

From pf.conf(5)

     Host name resolution and interface to address translation are done at
     ruleset load-time.  When the address of an interface (or host name)
     changes (under DHCP or PPP, for instance), the ruleset must be reloaded
     for the change to be reflected in the kernel.  Surrounding the interface
     name (and optional modifiers) in parentheses changes this behaviour.
     When the interface name is surrounded by parentheses, the rule is
     automatically updated whenever the interface changes its address.  The
     ruleset does not need to be reloaded.  This is especially useful with
     nat.

Daniel
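
The two forms described in the reply above, side by side in a pf.conf fragment. This is an added example, not part of the original message; fxp0 is the interface named in the message, while the 192.168.0.0/24 network and port 22 are constructed sample values.

```conf
# Added example (not from the original message).
# fxp0 comes from the message; 192.168.0.0/24 and port 22 are constructed.

# --- Load-time translation (shown commented out) -------------------------
# "fxp0" and "self" are replaced by the addresses they have at the moment
# the ruleset is loaded. After a DHCP or PPP address change these rules
# keep referring to the old address until the ruleset is reloaded with
# "pfctl -f /etc/pf.conf".
#
# nat on fxp0 from 192.168.0.0/24 to any -> fxp0
# pass in on fxp0 proto tcp from any to self port 22 keep state

# --- Run-time translation -------------------------------------------------
# With the interface name in parentheses the kernel updates the rule
# whenever fxp0 changes its address; no reload is needed.
# Translation rules must come before filter rules in pf.conf.
nat on fxp0 from 192.168.0.0/24 to any -> (fxp0)
pass in on fxp0 proto tcp from any to (fxp0) port 22 keep state

# Per the message, the parenthesised form applies to rule addresses,
# not to tables.
```

Running "pfctl -sr" after loading prints the filter rules as the kernel holds them, which shows whether an address was fixed at load time or is still tied to the interface.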