Re: Removing PF

To: "John D. Baker" <jdbaker%consolidated.net@localhost>
Subject: Re: Removing PF
From: Mindaugas Rasiukevicius <rmind%netbsd.org@localhost>
Date: Sun, 7 Apr 2019 23:29:57 +0100

"John D. Baker" <jdbaker%consolidated.net@localhost> wrote:
> 
> > - dynamic ifaddrs(netifN) (John D. Baker)
> 
> The "ifaddrs(netifN)" function is what evaluates the addresses on the
> interface with each reference in a rule, or so the documentation makes
> it appear.  Contrast with "inet4(netifN)" or "inet6(netifN)" that is
> only evaluated when the configuration file is loaded.  "ifaddrs(netifN)"
> appears to be the equivalent of pf's "(netifN)", but always returns the
> full list of all addresses on an interface, so cannot be used in a NAT
> (map foo -> bar) statement.  Hence the desire to select a subset or at
> least only the first address in the list, e.g., pf's "(netifN:0)" dynamic
> address evaluation with return of only first address.

You *can* use ifaddrs(netifN) for a NAT rule in NetBSD -current, but you
need to specify the address selection algorithm.  Currently, "ip‐hash" or
"round‐robin".  You cannot select just the first address, though.  That is
something I can look into.

-- 
Mindaugas

Follow-Ups:
- Re: Removing PF
  - From: Roy Marples
- Re: Removing PF
  - From: John D. Baker

References:
- Re: Removing PF
  - From: John D. Baker
- Re: Removing PF
  - From: John D. Baker
- Re: Removing PF
  - From: John D. Baker

Prev by Date: Re: GSoC 2019 - Porting wine to amd64
Next by Date: Re: Removing PF
Previous by Thread: Re: Removing PF
Next by Thread: Re: Removing PF
Indexes:

Home | Main Index | Thread Index | Old Index