Per-Olov Sjöholm <pos@incedo.org> wrote:
> I can in the man page for PF see:
>
> --snip--
> Interface names, interface group names, and self can have
> modifiers appended:
>
> :0          Do not include interface aliases.
> :broadcast  Translates to the interface's broadcast address(es).
> :network    Translates to the network(s) attached to the interface.
> :peer       Translates to the point-to-point interface's peer
>             address(es).
> --snip--
>
> Is there a special reason syntax like INTERNET_INT:1 won't work if we want to use the first alias address from the hostname interface file?
>
> As it is now I have to use the base address by using ":0" or including all aliases. For me this seems unusable. If I want to nat out on the alias address from for example the DMZ I would like to use ":1". As this is not possible I have to hard code the IPs in pf.conf.
Yes, there is a very good reason.
Interface aliases are not what you think they are. A mistake was made
more than two decades ago. If you reconfigure, they "roll".
You should avoid use of :0, unless you need it. But definitely you do
not want :1 or :2 etc.