>I guess you use ($ext_if) - with brackets - instead of the IP address >manually entered (which you obviously don't know). This way PF monitors >the interface for changes of it's IP address and adjusts rules >accordingly. You can verify if it does by doing a 'pfctl -s rules' after >a reconnection, without first reloading the ruleset. > >The problem, though, is probably the states which were already created - >they keep matching the old IP. Clearing of the state table should be >sufficient, and I think this could be done with a macro in your >hostname.pppoe0, like this: >!pfctl -F state > >I've personally never had to do such things, so consider everything I >say just as suggestions. > >Kind regards, >Doichin
Well I added your macro right now but I'm unsure if hostname.pppoe0 is read everytime pppoe0 gets a disconnect (and later a new IP). I think hostname.pppoe0 is read once on boot and the rest is all in kernelspace then (Oh a disconnect! No worries lets try to reconnect...!). I might be wrong and I might understood the concept in a wrong way but hostname.pppoe0 gets called once (and just once) at boot. So how could this macro help after pppoe0 got a new IP? Or is the hostname.pppoe0 realy read once after pppoe0 got a disconnect?! So far I never used such a macro because of my understanding it would have no effect (not even at boot time because pppoe0 sometimes has 2-3 secs no IP (the OS boots further, pf gets enabled) and then it has). If I might misunderstood something please correct me. Kind regards, Sebastian p.s. Thanks for the suggestion with the macro! Combined with a little 'sleep' that may solves the issue for the intial booting propably. Never thougth (again) about a macro in the hostname.pppoe0 'course it may wont solve the real problem I face
