On 07 May 2016, Stuart Henderson wrote: > On 2016-05-06, Mark Carroll <m...@ixod.org> wrote: (snip) >> pf ... because it otherwise doesn't realize that 'self' >> includes the address eventually assigned by PPP. > > Use "(self)" not "self".
Interesting! Thank you: I'd previously missed this part of the pf.conf(5) manpage which explains: ] When the interface name is surrounded by parentheses, the rule is ] automatically updated whenever the interface changes its address. The ] ruleset does not need to be reloaded. This is especially useful with ] NAT. I'll have to give it a try. -- Mark
