On Mon, 29 Dec 2025, Sad Clouds wrote:

> On Sun, 28 Dec 2025 13:48:02 -0600 (CST)
> "John D. Baker" <[email protected]> wrote:
>
> > Good points raised and perhaps others can shed some light on how to deal
> > with a multi-homed interface where one address is statically assigned and
> > the other is dynamic via DHCP.
>
> Strictly speaking "multihomed" refers to a machine with multiple
> network interfaces. If you assigned multiple IP addresses to the same
> interface this is called "IP aliasing".
>
> There may be some security implications when creating such firewall
> designs with only a single interface. It is best to physically isolate
> external and internal subnets, I think.
So, yes, the router is "multihomed" in that it has multiple physical
interfaces. I'm only concerned with the external interface which
participates in two disparate logical networks--one is an RFC1918 private
network to the ADSL modem's config/status interface and the other is the
public IP assigned via DHCP by my ISP. There are only two devices on this
physical connection--the router and the ADSL modem.

I need to be able to track the public IP across changes which is what the
ifaddrs() operator in npf can do, but ifaddrs() returns a list of all
addresses with (currently) no mechanism to select/exclude members of that
list. Rules for the public IP are not appropriate for the private network
and vice versa.

Perhaps always including the addr/mask of the private network or its
negation (and "family ipv4") in every rule will let me do what I need.

--
|/"\ John D. Baker, KN5UKS                          NetBSD     Darwin/MacOS X
|\ / jdbaker[snail]consolidated[flyspeck]net          OpenBSD    FreeBSD
| X  No HTML/proprietary data in email.              BSD just sits there and works!
|/ \ GPGkeyID:  D703 4A7E 479F 63F8  D3F4 BD99 9572 8F23  E4AD 1645
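As an added example (not from the thread and not John's configuration), here is how the suggestion above could look in npf.conf: rules aimed at the public address use ifaddrs() with the modem subnet negated on the far end, and an ordered block keeps the private alias from ever being used on the public path, since ifaddrs() cannot be trimmed on the source side. The interface name and all addresses are assumed values, and NAT is left out.

```conf
# Added example, not from the thread: npf.conf filter rules for a router whose
# external interface carries a static RFC1918 alias (toward the ADSL modem's
# management interface) next to a DHCP-assigned public address.
# Assumed values: wm0 as the external interface, 192.168.1.0/24 as the
# modem-side subnet, 192.168.1.1 as the modem itself.  NAT is left out.
$ext_if    = "wm0"
$modem_net = 192.168.1.0/24
$modem     = 192.168.1.1

# ifaddrs($ext_if) tracks the DHCP lease, but it also expands to the static
# 192.168.1.x alias.  Since that list cannot be filtered, each rule meant for
# the public address carries "! $modem_net" on the other end, and each rule
# meant for the private side names $modem_net explicitly.
group "external" on $ext_if {
    # Private side: the router itself may reach the modem.
    pass stateful out final family inet4 from $modem_net to $modem

    # Everything else that involves the private alias stays off the wire.
    # Ordered before the public rules, because "from ifaddrs($ext_if)" below
    # would otherwise also match packets sourced from the 192.168.1.x alias.
    block out final family inet4 from $modem_net to any
    block out final family inet4 from any to $modem_net
    block in final family inet4 from $modem_net to ! $modem_net

    # Public side: outbound from whatever the public address is right now.
    pass stateful out final family inet4 from ifaddrs($ext_if) to ! $modem_net

    # Inbound service on the public address; peers on the modem subnet are
    # excluded so this rule never opens port 22 toward the private side.
    pass stateful in final family inet4 proto tcp from ! $modem_net to ifaddrs($ext_if) port 22

    block in final all
}

group default {
    pass final on lo0 all
    block all
}
```

After loading, `npfctl debug` (or `npfctl show`) lists the expanded address sets, which is the quickest way to confirm that the ifaddrs() rules picked up the new lease and that the modem subnet only appears where intended.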
