tech-kern archive


Re: Removing PF



On 07/04/2019 23:29, Mindaugas Rasiukevicius wrote:
"John D. Baker" <jdbaker%consolidated.net@localhost> wrote:

- dynamic ifaddrs(netifN) (John D. Baker)

The "ifaddrs(netifN)" function is what evaluates the addresses on the
interface with each reference in a rule, or so the documentation makes
it appear.  Contrast with "inet4(netifN)" or "inet6(netifN)" that is
only evaluated when the configuration file is loaded.  "ifaddrs(netifN)"
appears to be the equivalent of pf's "(netifN)", but always returns the
full list of all addresses on an interface, so cannot be used in a NAT
(map foo -> bar) statement.  Hence the desire to select a subset or at
least only the first address in the list, e.g., pf's "(netifN:0)" dynamic
address evaluation with return of only first address.

You *can* use ifaddrs(netifN) for a NAT rule in NetBSD -current, but you
need to specify the address selection algorithm.  Currently, "ip-hash" or
"round-robin".  You cannot select just the first address, though.  That is
something I can look into.

My modem has a site local admin address. My router gets a public IP from it but I'd like to keep the admin address as well.

An address selection algo to exclude or only use site local addresses would be of use? Currently I have a dhcpcd exit hook script to remove the site local addresses, reconfigure npf and then reapply the site local addresses. This isn't ideal, hence my request.

Roy

