Just to add my $0.02.

The external interface of my router has multiple IP addresses. One is dynamic--assigned by my ISP's DHCP server, the other is static and used to access the status/configuration interface of the ADSL modem.

I've crafted the interface initialization (via dhcpcd and the exit-hook script) to guarantee the DHCP- (or PPPOE-) assigned address is always first. This lets me use 'pf's "netif:0" notation to always select this primary address alone for use in NAT or filter rules. (Since I control the static auxiliary address, I can refer to it with appropriate variables.)

In the available local documentation, I see no equivalent facility in NPF. While "ifaddrs(netif)" does dynamic lookup of addresses, there appears to be no mechanism to select a subset of them. (The dynamic lookup feature is even more important for users stuck behind PPPOE-ADSL systems like AT&T where the public address changes frequently.)

Similarly, 'pf's "netif:network" notation resolves to the network address of an interface's primary IP address.

Selection of address subset from result of "ifaddrs(netif)" and network address generation from an interface name are requirements for me to consider learning to configure NPF.

As for local documentation, suggestions that one must access an external resource (web site) for documentation pertaining to the configuration of a piece of critical network infrastructure are troubling at best. If it's not in a manual page on my local installation, it doesn't exist.

--
|/"\ John D. Baker, KN5UKS               NetBSD     Darwin/MacOS X
|\ / jdbaker[snail]consolidated[flyspeck]net  OpenBSD            FreeBSD
| X  No HTML/proprietary data in email.   BSD just sits there and works!
|/ \ GPGkeyID:  D703 4A7E 479F 63F8  D3F4 BD99 9572 8F23  E4AD 1645
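
The kind of pf ruleset the message describes, as an added example that is not part of the original post or the author's configuration. It uses the pf.conf syntax with separate nat rules (assumed to match the pf version in use); the interface names and both 192.168.1.x addresses are constructed placeholders.

```pf
# Constructed example: interface names and addresses below are assumptions.
ext_if   = "re0"             # external interface: DHCP address first, static alias second
int_if   = "wm0"             # internal LAN interface
aux_ip   = "192.168.1.2"     # static auxiliary address configured on $ext_if
modem_ip = "192.168.1.254"   # status/configuration address of the ADSL modem

# Translation rules (first matching nat rule wins).
# LAN hosts reach the modem's status page from the static auxiliary address.
nat on $ext_if from $int_if:network to $modem_ip -> $aux_ip
# Everything else is translated to the primary address only:
#   :0          excludes interface aliases, so $aux_ip is never selected
#   ( ... )     makes pf update the rule when the DHCP/PPPoE address changes
nat on $ext_if from $int_if:network to any -> ($ext_if:0)

# Filter rules. Outbound filtering sees the already translated source address.
block in log on $ext_if all
pass out on $ext_if from ($ext_if:0) to any keep state
pass out on $ext_if from $aux_ip to $modem_ip keep state

# :network resolves to the network of the interface's address,
# so the LAN prefix is not hard-coded anywhere in the ruleset.
pass in on $int_if from $int_if:network to any keep state
```

Without the `:0` modifier, `($ext_if)` would cover every address on the interface, including the static auxiliary one, which is the case the ordering in the dhcpcd exit hook is meant to control.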
