tech-kern archive


Re: Removing PF



Just to add my $0.02

The external interface of my router has multiple IP addresses.  One is
dynamic--assigned by my ISP's DHCP server, the other is static and used
to access the status/configuration interface of the ADSL modem.

I've crafted the interface initialization (via dhcpcd and the exit-hook
script) to guarantee the DHCP- (or PPPOE-) assigned address is always
first.  This lets me use 'pf's "netif:0" notation to always select this
primary address alone for use in NAT or filter rules.  (Since I control
the static auxiliary address, I can refer to it with appropriate
variables.)

In the available local documentation, I see no equivalent facility in
NPF.  While "ifaddrs(netif)" does dynamic lookup of addresses, there
appears to be no mechanism to select a subset of them.  (The dynamic
lookup feature is even more important for users stuck behind PPPOE-ADSL
systems like AT&T where the public address changes frequently.)

Similarly, 'pf's "netif:network" notation resolves to the network address
of an interface's primary IP address.

Selection of address subset from result of "ifaddrs(netif)" and network
address generation from an interface name are requirements for me to
consider learning to configure NPF.


As for local documentation, suggestions that one must access an external
resource (web site) for documentation pertaining to the configuration
of a piece of critical network infrastructure are troubling at best.
If it's not in a manual page on my local installation, it doesn't exist.

-- 
|/"\ John D. Baker, KN5UKS               NetBSD     Darwin/MacOS X
|\ / jdbaker[snail]consolidated[flyspeck]net  OpenBSD            FreeBSD
| X  No HTML/proprietary data in email.   BSD just sits there and works!
|/ \ GPGkeyID:  D703 4A7E 479F 63F8 D3F4  BD99 9572 8F23 E4AD 1645
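
For readers unfamiliar with the pf notation discussed in this message, the following pf.conf fragment is an added illustration; it is not part of the original message and is not the poster's configuration. The interface names and the static address are constructed placeholders.

```pf
# Added illustration in the older pf.conf syntax (separate nat rules).
# Assumptions: wm0 is the external interface, wm1 the internal one,
# and 192.0.2.2 stands in for the static auxiliary address.

ext_if     = "wm0"
int_if     = "wm1"
ext_static = "192.0.2.2"    # constructed; the statically configured alias

# ($ext_if)    parentheses: re-resolved whenever the interface address
#              changes, but expands to every address on the interface,
#              aliases included.
# ($ext_if:0)  the same dynamic lookup, restricted to the primary (first)
#              address, so the static alias never becomes a NAT source.
# $int_if:network
#              the network attached to the internal interface.

# Translate outbound LAN traffic to the DHCP/PPPoE-assigned address only.
nat on $ext_if inet from $int_if:network to any -> ($ext_if:0)

# Default deny inbound on the external interface.
block in on $ext_if all

# Let the router itself originate traffic from its primary address.
pass out on $ext_if inet from ($ext_if:0) to any keep state

# The static alias is fixed, so an ordinary macro is enough for it.
pass out on $ext_if inet from $ext_static to any keep state
```

Using `($ext_if)` without the `:0` modifier in the nat rule would make every address on the interface, including the static alias, a candidate translation address.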

