Hi there,

In the Tables section of the PF guide, it is said that:

"tables can be used in the following ways:
..
* destination address in route-to, reply-to and dup-to filter rule options."

The man page for pf.conf says:

"The route-to option routes the packet to the specified interface with an optional address for the next hop."

I am trying to set up a very simple fault-tolerance strategy with PF for a firewall with multiple external connections. I have noticed that, at least in my setup, route-to will only work as expected if the address of the next hop is also provided together with the interface. If only the interface is provided, PF will only route to the default route interface.

I have also noticed that if I define a table with only the addresses of the next-hops and use it as an option for route-to, such as:

    table <routeto> { ipaddresss1 , ipaddress2 }
    ..
    pass in $int_if route-to <routeto> round-robin from any to any keep state

I get a syntax error.

My questions are:

1. Is the next-hop really optional?
2. How to create a table for route-to?

Thanks again,
ebl