On Mon, Sep 03, 2007 at 11:37:22AM +0200, Tobias Marx wrote:

> can someone verify this behaviour?

I doubt this has anything to do with anchors. To verify, you can move
the contents of http_out into the main ruleset (and remove the anchor
call), and reboot, as a test. Watch out for error messages on the
console.

My first guess would be the interfaces. If either $ext_if1 or $ext_if2
do not exist at ruleset load time (because they're not physical
interfaces like xl0, but tun0 or such), you should get an error message
on the console when pfctl is invoked from rc.

In that case, you might have to add a pfctl -f call at the end of
rc.local, for instance. Not all interface references are late-binding
(can be used before the interface exists).

> pass out quick route-to {(extif_2 proxy_ip1),(extif_2 proxy_ip2)} \
                           ^^      ^^          ^^      ^^

Those are typos (missing $), right?

Daniel
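
The rc.local reload suggested above, as an added example that is not part of the original message: it waits until every interface named in a pf.conf macro exists, then calls pfctl -f. Assumptions: the ruleset is /etc/pf.conf, interface macros have "_if" in their name (as in ext_if1), each macro holds a single interface, and a 30 second wait is acceptable.

```sh
#!/bin/sh
# Added example, not from the original message. Call with --reload from the
# end of rc.local. PF_CONF and the "_if" macro naming are assumptions.
PF_CONF="${PF_CONF:-/etc/pf.conf}"

# Print the interfaces assigned to macros such as ext_if1="tun0". Only simple
# one-interface definitions are handled; lists in braces are skipped.
macro_ifaces() {
    sed -n 's/^[[:space:]]*[A-Za-z0-9_]*_if[A-Za-z0-9_]*[[:space:]]*=[[:space:]]*"\{0,1\}\([A-Za-z][A-Za-z0-9]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" |
        sort -u
}

# True if the interface exists right now; relies on ifconfig exiting
# non-zero when asked about an unknown interface.
iface_exists() {
    ifconfig "$1" >/dev/null 2>&1
}

# Print each macro-referenced interface that does not exist yet.
missing_ifaces() {
    for ifname in $(macro_ifaces "$1"); do
        iface_exists "$ifname" || echo "$ifname"
    done
}

# Wait up to $2 seconds for the interfaces to appear, then reload the ruleset.
# Returns 1 without touching pf if something is still missing.
reload_when_ready() {
    conf=$1 tries=${2:-30}
    while [ "$tries" -gt 0 ] && [ -n "$(missing_ifaces "$conf")" ]; do
        sleep 1
        tries=$((tries - 1))
    done
    missing=$(missing_ifaces "$conf")
    if [ -n "$missing" ]; then
        echo "pf: not reloading, interfaces still missing: $missing" >&2
        return 1
    fi
    pfctl -f "$conf"
}

if [ "${1:-}" = "--reload" ]; then
    reload_when_ready "$PF_CONF" 30
fi
```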
