Le Tue, Sep 21, 2021 at 10:40:12PM +0200, Sebastian Benoit a écrit : > Alexander Bluhm([email protected]) on 2021.09.21 22:34:09 +0200: > > On Mon, Sep 20, 2021 at 03:54:58PM +0200, Landry Breuil wrote: > > > did i screwup something somewhere in my config and there's a better way > > > for that ? > > > > This was changed in February. No more interface, but gateway > > addresses. It seems that some parts of the documentation were > > missed. > > > > > should the manpage be improved for reply-to and talk about 'destination > > > address' instead of 'interface' like route-to does ? > > > > Yes. > > > > It looks like most information is in the commit message. > > https://marc.info/?l=openbsd-cvs&m=161213948819452&w=2 > > It's also on http://www.openbsd.org/faq/upgrade69.html
my english sucks and i'm not sure i got the meaning right, but here's a try: Index: pf.conf.5 =================================================================== RCS file: /cvs/src/share/man/man5/pf.conf.5,v retrieving revision 1.587 diff -u -r1.587 pf.conf.5 --- pf.conf.5 19 Jul 2021 16:23:56 -0000 1.587 +++ pf.conf.5 22 Sep 2021 09:23:14 -0000 @@ -1103,13 +1103,14 @@ option is similar to .Cm route-to , but routes packets that pass in the opposite direction (replies) to the -specified interface. +specified address. Opposite direction is only defined in the context of a state entry, and .Cm reply-to is useful only in rules that create state. It can be used on systems with multiple external connections to -route all outgoing packets of a connection through the interface -the incoming connection arrived through (symmetric routing enforcement). +route all outgoing packets of a connection through the interface the incoming +connection arrived through (symmetric routing enforcement) via the address of +the gateway specified in the rule. .It Cm route-to The .Cm route-to i wouldnt know how to change the example in faq/upgrade69.html as it is valid (but only specific to the case of a point-to-point interface with a :peer property) ccing experts :)
