Em 22-09-2015 15:06, Daniel Gillen escreveu:
> Hi
>
> I currently have the following rule to nat traffic out to the internet:
>
> match out on $if_ext inet6 from $if_int:network to any nat-to ($if_ext)
>
> But this chooses from one of the configures addresses (using round-robin).
>
> Is there a way I can configure pf to prefer the privacy address (the one
> without my MAC in it)?
>
> Thx in advance
>
> Daniel
>
Daniel,
I've managed to accomplish this by using dhcpcd with the slaac
private option. You need first to activate the interface with the inet6
-autoconf option, so you'll get only the link-local address. When you
run dhcpcd it will configure only a private address on the interface
thus solving your issue. You don't need to make pf prefer the privacy
address, because there will only be one address on the interface.
Cheers,
Giancarlo Razzolini
