Thanks all for the help, got some good ideas from the discussion.
Peter
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf
Of Peter Hessler
Sent: Thursday, August 05, 2010 2:49 AM
To: Olivier Mehani
Cc: Robert; [email protected]
Subject: Re: Most barebones pf.conf
On 2010 Aug 05 (Thu) at 10:42:21 +1000 (+1000), Olivier Mehani wrote:
:=== pf.conf ===
:match out on egress from (ingress:network) to any nat-to (egress) :pass
all :======
You can simplify this even more:
pass out from !(egress) nat-to (egress:0)
the 'egress' group is added to any interface that has a default route.
The '(egress:0)' syntax will have it chose the first IP address on that
interface, dynamically chasing any IP address change (think dhcp).
--
Everything is controlled by a small evil group to which, unfortunately,
no one we know belongs.
