On Mon, Nov 25, 2002 at 02:47:54PM +0100, Ed White wrote: > reading http://www.openbsd.org/plus.html I found: > > "When routing via pf(4), use the outgoing interface as decided by the normal > routing code, not the interface to which the rule applies."
Looking at cvsweb for www/plus.html, this sentence was added with r1.847. I guess it refers to sys/net/pf.c r1.246: Revision 1.246 / Fri Oct 4 17:45:55 2002 UTC by ish Branch: MAIN Changes since 1.245: +11 -9 lines [to the right branch this time] To detect routing loops use the actual outgoing interface and not the interface that the rule is to apply to (as there may not be one). - noticed by [EMAIL PROTECTED] - ok dhartmei@, henning@ This commit only fixed a deficiency in the loop detection for pf_route() (which prevents you from creating an endless loop using multiple route-to rules). It doesn't change any semantics for valid setups. There have been no significant changes to route-to semantics since 3.2 at all. Daniel
