Fernando Gleiser wrote:


why can't you use the "0/32 trick"? I have a dynamic IP and use

block in quick on ed1 proto tcp from any to 0/32 port = 22 flags S

That means "block it to whatever address ed1 has"

I guess the problem is not with dynamic IP per se, but with PPP. When using userland PPP, the IPFilter rules are loaded before PPP has had its chance to bring up the tun0 interface and so the interface has no address when the rules are loaded.

I just use 'to any' in my IPFilter rules with PPPoE.



---
... One can never know for sure what a deserted area looks like.
