On 04-10-2014 11:06, Peter N. M. Hansteen wrote: > The parentheses denote potentially dynamic addresses, and IIRC the > main difference is that with parentheses the list will be expanded > IIRC at rule evaluation time, while without the parentheses, the list > of addresses is expanded at ruleset load time. The man page talks only about interface names surrounded by parentheses. But, from my experience, (self) work at evaluation time, just as (egress) does. No need to reload the ruleset everytime any address change. Perhaps it would be nice to improve the man page on that subject?
Cheers [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
