On Thu, May 12, 2016 at 09:36:35AM +0200, Gabriele Tozzi wrote:
> Hi there,
>
> I have a pppoe0 interface setup like this (hostname.pppoe0):
>
> inet 0.0.0.0 255.255.255.255 NONE \
> pppoedev re0 \
> authproto pap \
> authname 'myuser' \
> authkey 'mypass' up
> dest 0.0.0.1
> !/sbin/route add default 0.0.0.1
> !/sbin/pfctl -f /etc/pf.conf
> !/etc/rc.d/isc_named restart
> !/etc/rc.d/aiccu restart
>
>
> Then I have setup PF to allow incoming ssh traffic. Here is my rule:
>
> pass in on pppoe0 inet proto tcp to pppoe0 port ssh keep state
>
>
> The interface has a dynamic IP. I was relying on the "!/sbin/pfctl -f
> /etc/pf.conf" rule to reload my PF when the IP changes but, apparently,
> it is not working as expected: it looks like the interface can change
> its IP without being restarted, so PF never gets reloaded and keeps
> using the old IP.
>
> I am now thinking of placing a cron job that just reloads PF once in a
> while. Is there a cleaner way to reload PF when the IP changes? Or maybe
> even a better way to write the rule so that it auto-updates without the
> need to reload PF at all?

You can use interface groups, 'egress' or 'ppp'? You can also hack your
setup to label a router and use 'route <label>'.

j.
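
Added example, not part of the original thread: a pf.conf fragment showing the rule from the question next to an interface-group form of it. The parenthesised address form is standard pf.conf(5) syntax and goes slightly beyond what the reply names; the interface and group names are taken from the thread, and the fragment assumes pppoe0 carries the default route so that it is a member of `egress`.

```pf
# Constructed pf.conf fragment illustrating the thread; not the poster's file.

# Form from the question. The bare name after "to" is translated to the
# interface's address once, when the ruleset is loaded. After the PPPoE
# session renegotiates, the rule still matches the previous address and
# ssh to the new address is no longer passed by it.
#pass in on pppoe0 inet proto tcp to pppoe0 port ssh keep state

# Interface-group form. "egress" is the group the kernel assigns to the
# interface(s) holding the default route. Wrapping the name in
# parentheses tells pf to follow the address currently configured on
# those interfaces, so no reload is needed when it changes.
pass in on egress inet proto tcp to (egress) port ssh keep state

# Same dynamic behaviour, pinned to the single interface instead of a
# group (narrower match if other interfaces could ever join "egress"):
#pass in on pppoe0 inet proto tcp to (pppoe0) port ssh keep state
```

Running `pfctl -n -f /etc/pf.conf` parses the file without loading it, and `ifconfig egress` lists the interfaces currently in the group. With the dynamic form in place, the `!/sbin/pfctl -f /etc/pf.conf` line in hostname.pppoe0 is no longer what keeps the ssh rule current.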