Dear [EMAIL PROTECTED],
>table <EXT> const persist {fxp0}
will result in having both IPv4 and IPv6 addresses
in table (if you have them configured). of course,
you can deal with it later by adding address family
to rule
>pass on fxp0 inet from <EXT> to any
what will result in (example #1)
># pfctl -Ts -t EXT; pfctl -sr
> 192.168.100.100
> fe80::202:3fff:fe35:2d9
>pass on fxp0 inet from <EXT> to any
additionally, we have :broadcast modifier, so changing to
>table <EXT> const persist {fxp0:broadcast}
will result in (example #2)
># pfctl -Ts -t EXT; pfctl -sr
> 192.168.100.255
>pass on fxp0 inet from <EXT> to any
is it correct way to pass or block addresses (from table) which
address family don't match rule's address family (example #1)?
if not, maybe it is a good idea to add :ipv4 and :ipv6 modifiers
in addition to :broadcast and :network? so changing to
>table <EXT> const persist {fxp0:ipv4}
will result in (example #3)
># pfctl -Ts -t EXT; pfctl -sr
> 192.168.100.100
>pass on fxp0 inet from <EXT> to any
Daniel? :)
Truly yours
Alexey E. Suslikov
