On 2012-07-30, Jeff Simmons <[email protected]> wrote:
> Given a machine with two interfaces to the internet, is there a way to
> enforce symmetric routing (i.e. if1 and if2 with if1 as the default route, can
> connections to if2 be somehow routed back out if2)?
>
> pf's reply-to and route-to perform this quite well for packets traversing a
> router, but I haven't found anything for connections to the router itself.

reply-to should work here too; I use exactly that for semi-out-of-band SSH
access via a backup ISP and the packets flow correctly.

    pass in quick inet proto tcp to (pppoe1:0) port ssh \
        keep state (max-src-conn-rate 5/10 overload <BADHOSTS> flush global) \
        reply-to 81.187.81.187@pppoe1

