Hello David,
thanks for nice wrap up of the story...
>
> this change does the following:
>
> - stores the route info in the state instead of the pf rule
>
> this allows route-to to keep working when the ruleset changes, and
> allows route-to info to be sent over pfsync. there's enough
On Thu, Jan 28, 2021 at 10:54:30PM +1000, David Gwynne wrote:
> this is the diff from the "pf route-to issues" thread, but on it's own.
I think we should make progress and commit something.
> the caveat is that route-to becomes tied to pass rules that create
> state, like rdr-to and nat-to.
this is the diff from the "pf route-to issues" thread, but on it's own.
the summary of why i wanted to do this is:
- route-to, reply-to, and dup-to do not work with pfsync
this is because the information about where to route-to is stored in
rules, and it is hard to have a ruleset synced
