On Wed, Sep 22, 2021 at 11:28:21AM +0200, Landry Breuil wrote: > Le Tue, Sep 21, 2021 at 10:40:12PM +0200, Sebastian Benoit a ?crit : > > Alexander Bluhm([email protected]) on 2021.09.21 22:34:09 +0200: > > > On Mon, Sep 20, 2021 at 03:54:58PM +0200, Landry Breuil wrote: > > > > did i screwup something somewhere in my config and there's a better way > > > > for that ? > > > > > > This was changed in February. No more interface, but gateway > > > addresses. It seems that some parts of the documentation were > > > missed. > > > > > > > should the manpage be improved for reply-to and talk about 'destination > > > > address' instead of 'interface' like route-to does ? > > > > > > Yes. > > > > > > It looks like most information is in the commit message. > > > https://marc.info/?l=openbsd-cvs&m=161213948819452&w=2 > > > > It's also on http://www.openbsd.org/faq/upgrade69.html > > my english sucks and i'm not sure i got the meaning right, but here's a > try: > > Index: pf.conf.5 > =================================================================== > RCS file: /cvs/src/share/man/man5/pf.conf.5,v > retrieving revision 1.587 > diff -u -r1.587 pf.conf.5 > --- pf.conf.5 19 Jul 2021 16:23:56 -0000 1.587 > +++ pf.conf.5 22 Sep 2021 09:23:14 -0000 > @@ -1103,13 +1103,14 @@ > option is similar to > .Cm route-to , > but routes packets that pass in the opposite direction (replies) to the > -specified interface. > +specified address. > Opposite direction is only defined in the context of a state entry, and > .Cm reply-to > is useful only in rules that create state. > It can be used on systems with multiple external connections to > -route all outgoing packets of a connection through the interface > -the incoming connection arrived through (symmetric routing enforcement). > +route all outgoing packets of a connection through the interface the incoming > +connection arrived through (symmetric routing enforcement) via the address of
looking at "through the interface the incomming connection arrived through". the double "through" sounds odd (but may be correct). would it be better to say through the interface the incoming connection arrived "on"? or just "through the interface of the incoming connection"? i think "using" sounds better than "via" i think a comma after "enforcement)" might make the sentence easier to read all of my points above are really just opinion. the diff reads ok. jmc > +the gateway specified in the rule. > .It Cm route-to > The > .Cm route-to > > i wouldnt know how to change the example in faq/upgrade69.html as it is valid > (but only specific to the case of a point-to-point interface with a :peer > property) > > ccing experts :)
