On 2005-03-08 06:49, "J.D. Bronson" <[EMAIL PROTECTED]> wrote:
> First my ifconfig -A:
>
> # ifconfig -A
> bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>   address: xxxxxxxxxxxx
>   media: Ethernet autoselect (100baseTX full-duplex)
>   status: active
>   inet 192.168.82.1 netmask 0xffffff00 broadcast 192.168.82.255
>   inet 192.168.82.2 netmask 0xffffffff broadcast 192.168.82.2
>
>
> I use a rule in the firewall such as this:
> # macros
> int_if = "bge0"
>
> pass in on $int_if from $int_if:network to any modulate state
> pass out on $int_if from any to $int_if:network modulate state
>
> This expands to:
> pass in on bge0 inet from 192.168.82.0/24 to any modulate state
> pass in on bge0 inet from 192.168.82.2 to any modulate state
> pass out on bge0 inet from any to 192.168.82.0/24 modulate state
> pass out on bge0 inet from any to 192.168.82.2 modulate state
>
> Why does it pick the alias IP on the nic and not the actual IP?
> Is this intended by design?

Because the first IP address has a netmask with zero bits, and pf is smart enough to recognize this as part of a subnet/network (this is, after all, the meaning of the :network modifier). The alias IP has a netmask of 0xffffffff, which may match only that alias address.

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
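
The expansion discussed in this thread, modelled as an added example that is not part of the original messages and is not pf's own code: each `inet` address is ANDed with its own netmask, so the /24 address yields the subnet and the 0xffffffff alias yields a single host. The function names are hypothetical, and the sample input is constructed from the `inet` lines quoted above.

```python
import ipaddress
import re

# Constructed sample: the inet lines of the ifconfig -A output quoted in the thread.
IFCONFIG_BGE0 = """\
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.82.1 netmask 0xffffff00 broadcast 192.168.82.255
        inet 192.168.82.2 netmask 0xffffffff broadcast 192.168.82.2
"""

# Matches IPv4 lines only ("inet6" does not match because of the \s+ after "inet").
INET_RE = re.compile(r"^\s*inet\s+(\S+)\s+netmask\s+(0x[0-9a-fA-F]{8})", re.M)


def interface_networks(ifconfig_text):
    """Return one network per inet address: the address ANDed with its own netmask."""
    nets = []
    for addr, hexmask in INET_RE.findall(ifconfig_text):
        mask = ipaddress.IPv4Address(int(hexmask, 16))   # 0xffffff00 -> 255.255.255.0
        net = ipaddress.IPv4Interface(f"{addr}/{mask}").network
        if net not in nets:                              # several aliases may share a subnet
            nets.append(net)
    return nets


def pf_notation(net):
    """Write a /32 as a bare host address, as in the expanded rules quoted above."""
    return str(net.network_address) if net.prefixlen == 32 else str(net)


def expand_rule(template, ifname, nets):
    """Emit one rule per network for a rule that uses <ifname>:network."""
    return [template.replace(f"{ifname}:network", pf_notation(n)) for n in nets]


def redundant(nets):
    """Entries already covered by a wider network in the same expansion."""
    return [n for n in nets if any(n != o and n.subnet_of(o) for o in nets)]


if __name__ == "__main__":
    nets = interface_networks(IFCONFIG_BGE0)
    for rule in expand_rule("pass in on bge0 from bge0:network to any modulate state",
                            "bge0", nets):
        print(rule)
    for n in redundant(nets):
        print(f"# {pf_notation(n)} is already inside another expanded network")
```

The host entry for 192.168.82.2 falls inside 192.168.82.0/24, so the extra rule it produces does not change which packets are passed.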