Hi Harald, just use `($IFACE)` to get interface's current IP (with the rules being updated when the IP changes). In addition you can use the interface group `egress` to address the interface which is used for the default route. Both options are used together in the OpenBSD router tutorial on bsdnow.tv [0] written by tj@.
Of course everything is documented but the first one is a little hard to find: It's in pf.conf(5)'s Packet Filtering section under "from source port source os source to $dest port dest" [1]. The later one is in ifconfig(8)[2]. And of course there's always The Book of PF by Peter Hansteen [3]. Regards, Florian [0]: http://www.bsdnow.tv/tutorials/openbsd-router [1]: http://man.openbsd.org/pf.conf#from [2]: http://man.openbsd.org/ifconfig.8#group [3]: https://www.nostarch.com/pf3 Am 15. April 2017 16:10:46 MESZ schrieb Harald Dunkel <ha...@afaics.de>: >Hi folks, > >Since I don't get a static IPv6 prefix from Deutsche Telekom, but >a different prefix on every new pppoe connection, I have to rely >upon some lookup service for pf.conf. > >pf.conf(5) doesn't mention dynamic IP addresses at all (except >for its own interfaces), so I wonder what is best practice here? >DNS? A table for every internal host, updated by a watchdog? > > >Every helpful comment is highly appreciated >Harri
