Dear PF users and coders,

If someone strictly follows the BNF of the pf.conf man pages (thanks for the great doc, guys), the declaration after route-to would be able to be (ifX:something)@ifY. It does not make much sense, as the first part would be a gateway, if I understood well enough. Maybe the :peer would be useful; route-to (tun0:peer)@tun0 feels 'legit'.

1 pass in quick on vether2 from (vether2:network) to 10/8 rdr-to 10.1.2.3
2 pass in quick on vether2 from (vether2:network) to 10/8 rdr-to 10.1.2.3 reply-to 172.16.1.8@em5
3 pass in quick on vether2 from (vether2:network) to 10/8 rdr-to 10.1.2.3 reply-to 172.16.1.8
4 pass in quick on vether2 from (vether2:network) to 10/8 rdr-to 10.1.2.3 reply-to em5
pass in quick on vether2 from (vether2:network) to 10/8 rdr-to 10.1.2.3 reply-to (em5:0)@em5

The last rule is not parsed.

The first rule will reply and route data given basic logic; in an mpath case with multiple default routes, it may reply on an interface different from the connection entry. It's fine.

The second rule replies using 172.16.1.8 as a gateway and ends on em5.

The third rule does the same, but on the most relevant interface.

But what does the fourth actually do? Does the system look for a route that matches the destination on em5? (I stopped my code reading in pfctl/parse.y.)

It may be a good idea to explain this in the man page?

Thanks for reading,
Best.

--
() ascii ribbon campaign - against html e-mail
/\