Hello again, I have a nat system with ipf.conf filters working. The problem is that the external interface ip (rtk0) is provided via dhcp from the ISP.
I'd like to restrict access from the subnet and the gateway, i.e. allow ssh from subnet and gateway.

ipf.conf:

    block out all on rtk0
    pass out quick on rtk0 proto tcp from 192.168.0.0/24 to any port = 22 keep state

This works fine for the subnet, but not when I try to connect from the gateway itself, which blocks in ipmon the external address of rtk0. If I add:

    pass out quick on rtk0 proto tcp from 84.x.x.x to any port = 22 keep state

Then this is ok (where 84.x.x.x is my external ip and the ip of rtk0). Only problem is that this external ip changes via dhcpclient.

How can I get ipf to retrieve the address of rtk0 automatically like in ipnat? I tried from 0/32 to no avail, as ipf doesn't seem to like this like ipnat does. Passing from all would work, but this would then allow things not in this subnet to work as well, which I want to prohibit.

Is there any solution to this or am I being dense and have misconfigured something?

Thanks
Amadeus
