I used to use ($int_if)/24 all the time with no problems. With my latest ruleset, I've moved over to $int_if:network because my internal ip isn't likely to change, however I'm another one waiting for ($int_if:network) :)
-- Alistair Kerr On Wed, 19 Feb 2003, Henning Brauer wrote: > On Wed, Feb 19, 2003 at 08:41:43PM +0100, Cedric Berger wrote: > > Jason Dixon wrote: > > > > >I just finished upgrading a 3.2 -stable box to yesterday's snapshot to > > >try out the new IP ID feature (where is that documented?). Anyhoo, > > >there was one rule in the pf.conf that was fine in 3.2, but the snapshot > > >is choking on: > > > > > >pass in on $ext_if proto tcp from $other_net to ($int_if)/24 flags S/SA > > >modulate state > > > > > >I assumed it was due to the expansion "($int_if)/24", so I tried with a > > >single IP, and that fixed it. What is the new syntax like for cidr > > >expansion on an interface? I can't find any examples in the manpage. > > > > > $int_if:network probably > > well, of course that works fine, and of course $int_if/24 does too, but > ($int_if)/24 does _not_. > did that EVER work correctly? > off to check pf.c ... > > -- > Henning Brauer, BS Web Services, http://bsws.de > [EMAIL PROTECTED] - [EMAIL PROTECTED] > Unix is very simple, but it takes a genius to understand the simplicity. > (Dennis Ritchie) > > >
