On 12 May 2016, Gabriele Tozzi wrote: (snip) > Then I have setup PF to allow incoming ssh traffic. Here is my rule: > > pass in on pppoe0 inet proto tcp to pppoe0 port ssh keep state > > > The interface has a dynamic IP. I was relying on the "!/sbin/pfctl -f > /etc/pf.conf" rule to reload my PF when the IP changes but, apparently, > it is not working as expected: it looks like the interface can change > its IP without being restarted, so PF never gets reloaded and keeps > using the old IP. (snip)
Does it start to work okay if you put the pppoe0 in parentheses? http://www.openbsd.org/faq/pf/filter.html has, ] The name of a network interface or group in parentheses ( ). This ] tells PF to update the rule if the IP address(es) on the named ] interface change. -- Mark
