Hello Ian,

</snip>

> However, this does not work with IPv6, because vlan10 translates to the
> link-local address (fe80::) instead of the real address on the interface.
> 
> This is a bug, IMO. I'm not sure why you'd want the link-local address in
> there... and to my knowledge, there isn't a way of forcing it to use the real
> IP.
> 

    I vaguely remember Paul de Weerd reported a similar issue two years ago [1];
    there was also some discussion inside the OpenBSD community. A few
    patches also appeared, but none of them got accepted.

> 
> While I'm on, can I also suggest:
> 
> - :0 can be used as a modifier to not add alias addresses. Can I request the
> ability to have further integers to select which IP should be used, eg: :1
> should be the second address etc.

    I think this idea was rejected. If I remember correctly, one of the issues
    is that there is no solid API/mechanism to assign indexes to IP addresses
    bound to an interface. Think of a situation where there are 5 addresses
    bound to em0:
        1.2.3.1:0
        1.2.3.2:1
        1.2.3.3:2
        1.2.3.4:3
        1.2.3.4:4

    let there be a rule in pf:
        pass in on em0 from any to em0:3

    Now how are we going to deal with the situation when address :2
    disappears? Shall we keep the indexes assigned? Shall we reindex?
    How should this work for the dynamic variant: ... any to (em0:3)?
    There are still more questions than answers.

    I agree it appears fairly simple at first glance, but it's not.

> 
> - The ability to do { inet, inet6 } to have a single rule for both ipv4 +
> ipv6 and it be expanded out.

    I'm afraid this would be a pretty big change to pf. I'm just curious:
    what kind of advantage does a single rule for both address families bring?
    In other words, why do you need it?

thanks and
regards
sashan

[1] https://marc.info/?l=openbsd-misc&m=158013341625386&w=2
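The workaround that follows is an added pf.conf example, not part of either message above and not something OpenBSD documents as the fix. It shows how to keep the three points of the thread apart in one ruleset: the `:0` modifier to skip alias addresses on IPv4, an explicit macro instead of the interface name on IPv6 (so the rule does not expand to the fe80:: link-local address), and separate `inet` / `inet6` rules because a `{ inet, inet6 }` list is not supported. The interface name vlan10 comes from the thread; the addresses 2001:db8:10::1 and the macro name `vlan10_v6` are constructed placeholders to be replaced with the real global address.

```conf
# Added example (not from the thread). Adjust vlan10 and the IPv6 address
# to your own interface and global address before loading.

# Constructed placeholder: the real (global) IPv6 address bound to vlan10.
vlan10_v6 = "2001:db8:10::1"

# IPv4: the interface name expands to its addresses; ":0" drops aliases,
# so only the primary IPv4 address is matched.
pass in on vlan10 inet from any to vlan10:0

# IPv6: naming the interface would expand to the link-local address, so the
# global address is written out via the macro instead.
pass in on vlan10 inet6 from any to $vlan10_v6

# There is no { inet, inet6 } list in pf; the two address families stay in
# separate rules, one per family, as written above.
```

Before loading, `pfctl -nf /etc/pf.conf` parses the file without applying it, and after loading `pfctl -sr` prints the rules as pf expanded them, which is the quickest way to confirm which concrete addresses the interface name and the macro turned into.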
