On 2010 Aug 05 (Thu) at 10:42:21 +1000 (+1000), Olivier Mehani wrote: :=== pf.conf === :match out on egress from (ingress:network) to any nat-to (egress) :pass all :======
You can simplify this even more: pass out from !(egress) nat-to (egress:0) the 'egress' group is added to any interface that has a default route. The '(egress:0)' syntax will have it chose the first IP address on that interface, dynamically chasing any IP address change (think dhcp). -- Everything is controlled by a small evil group to which, unfortunately, no one we know belongs.
