On 2014-08-04, Christophe <t...@stuxnet.org> wrote:
> Second question :
> I used to write route-to and reply-to rules in pf.conf in a static context.
> As far as I've seen, there are modifiers on interface specifications
> like :network or :peer. But is there a :gateway or something similar
> telling pf to use the default gateway learned by DHCP on the specified
> interface ?

No, there is no modifier to do this. That information ("gateway learned
by dhcp on XX") isn't passed to the kernel.

What you could do instead is use dhclient -L to write the lease information
to a file, then watch that file for changes (sysutils/entr in ports is good
to trigger running a script based on this), parse the relevant lines, and
reload your PF rules with the -D flag to set macros (e.g. "pfctl -D
ext_gw1=$someaddr -D ext_gw2=$otheraddr -f /etc/pf.conf").
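
Added example, not part of the original message: a sketch of the script that entr would run, which parses the gateway out of the lease file, validates it, and test-parses the ruleset before loading it. The lease syntax ("option routers ...;"), the lease file path, the script name and the function names are assumptions.

```shell
#!/bin/sh
# Assumed lease syntax: a line of the form "option routers 192.0.2.1;"

sample_lease() {   # constructed sample, not a captured lease
    cat <<'EOF'
lease {
  interface "em0";
  fixed-address 192.0.2.10;
  option subnet-mask 255.255.255.0;
  option routers 192.0.2.1;
}
EOF
}

# Print the first address of the last "option routers" line in a lease file.
lease_gateway() {
    awk '$1 == "option" && $2 == "routers" { gw = $3 }
         END { sub(/[,;].*$/, "", gw); print gw }' "$1"
}

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
# The lease arrives from the network and the macro value is expanded into
# the ruleset text, so anything else is rejected before pfctl sees it.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# usage: reload_pf <lease-file> <macro-name>
# "pfctl -n" only parses, so a ruleset that fails to parse is never loaded.
reload_pf() {
    gw=$(lease_gateway "$1")
    valid_ipv4 "$gw" || { echo "rejecting gateway '$gw' from $1" >&2; return 1; }
    pfctl -n -D "$2=$gw" -f /etc/pf.conf && pfctl -D "$2=$gw" -f /etc/pf.conf
}

# Placeholder invocation (path and script name are assumptions):
#   echo /path/to/lease.em0 | entr ./pf-gw.sh /path/to/lease.em0 ext_gw1
if [ $# -eq 2 ]; then reload_pf "$1" "$2"; fi
```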
