Re: Removing PF

[Roy Marples <roy%marples.name@localhost>]

On 07/04/2019 23:29, Mindaugas Rasiukevicius wrote:
> "John D. Baker" <jdbaker%consolidated.net@localhost> wrote:
> > > - dynamic ifaddrs(netifN) (John D. Baker)
> >
> > The "ifaddrs(netifN)" function is what evaluates the addresses on the
> > interface with each reference in a rule, or so the documentation makes
> > it appear.  Contrast with "inet4(netifN)" or "inet6(netifN)" that is
> > only evaluated when the configuration file is loaded.  "ifaddrs(netifN)"
> > appears to be the equivalent of pf's "(netifN)", but always returns the
> > full list of all addresses on an interface, so cannot be used in a NAT
> > (map foo -> bar) statement.  Hence the desire to select a subset or at
> > least only the first address in the list, e.g., pf's "(netifN:0)" dynamic
> > address evaluation with return of only first address.
>
> You *can* use ifaddrs(netifN) for a NAT rule in NetBSD -current, but you
> need to specify the address selection algorithm.  Currently, "ip‐hash" or
> "round‐robin".  You cannot select just the first address, though.  That is
> something I can look into.

My modem has a site local admin address. My router gets a public IP from 
it but I'd like to keep the admin address as well.

An address selection algo to exclude or only use site local addresses 
would be of use? Currently I have a dhcpcd exit hook script to remove 
the site local addresses, reconfigure npf and then re apply the site 
local addresses. This isn't ideal, hence my request.

Roy