The FAQ (https://www.openbsd.org/faq/pf/tables.html#addr) states:
One limitation when specifying addresses is that 0.0.0.0/0 and 0/0 will
not work in tables.
Is this (still) correct?
I have tried this and it seems to be working fine, AFAICT.
I am having trouble reconciling the stated limitation with my seemingly working
ruleset below....
Here is what I tried:
table <public> const { !10/8 !172.16/12 !192.168/16 0/0 }
guest_hq_if = "em3"
guest_hq_net = $guest_hq_if:network
pass log (matches) from $guest_hq_net to <public> keep state
and elsewhere in my ruleset:
match out log (matches) on $external_if inet from $guest_hq_net nat-to ($external_if)
For background, what I am trying to do is to provide access to the Internet
from a guest network through my pf firewall/router, and not let this guest
traffic leak into other internal private/RFC 1918 networks....
The machine I tested this on is running OpenBSD 5.8/amd64 (yes, I will be
updating to 6.1 shortly...)
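
A way to check what the <public> table above is meant to match, added here as an example and not part of the original post: a small Python model of a table lookup in which the most narrowly matching entry decides and a negated entry means "no match". It assumes the 0/0 entry is accepted by the table, which is exactly what the post asks; the function names and the sample destinations are made up for illustration.

```python
import ipaddress

# Entries copied from the <public> table in the post above.
PUBLIC_TABLE = ["!10/8", "!172.16/12", "!192.168/16", "0/0"]

# Constructed sample destinations (not from the post).
SAMPLES = ["10.1.2.3", "172.16.0.1", "172.31.255.255", "172.32.0.1",
           "192.168.1.1", "192.169.0.1", "192.0.2.10", "198.51.100.7"]


def parse_entry(entry):
    """Return (network, negated) for a pf-style entry such as '!10/8'."""
    negated = entry.startswith("!")
    addr, _, plen = entry.lstrip("!").partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))   # expand shorthand: 10 -> 10.0.0.0
    net = ipaddress.ip_network(f"{'.'.join(octets)}/{plen or 32}")
    return net, negated


def table_matches(entries, address):
    """Model of the lookup: the most specific containing entry decides."""
    ip = ipaddress.ip_address(address)
    best = None
    for net, negated in map(parse_entry, entries):
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, negated)
    # No containing entry, or a negated one, means the address does not match.
    return best is not None and not best[1]


def audit(entries, samples):
    """Map each sample destination to True (matches table) or False."""
    return {s: table_matches(entries, s) for s in samples}


if __name__ == "__main__":
    for dest, hit in audit(PUBLIC_TABLE, SAMPLES).items():
        print(f"{dest:16} {'matches <public>' if hit else 'excluded'}")
```

On the firewall itself, the same question can be put to the loaded table with `pfctl -t public -T test <address>`, and the result compared against this model.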