=?utf-8?Q?Per-Olov=20Sj=C3=B6holm?= <p...@incedo.org> wrote: > I can in the man page f??r PF see: > > --snip-- > Interface names, interface group names, and self can have > modifiers appended: > > :0 Do not include interface aliases. > :broadcast Translates to the interface's broadcast address(es). > :network Translates to the network(s) attached to the > interface. > :peer Translates to the point-to-point interface's peer > address(es). > --snip-- > > Is there a special reason syntax like INTERNET_INT:1 wont work if we want to > use the first alias address from the hostname interface file? > > As it is now I have to use the base adress by using ":0" or including all > aliases. For me this seems unusable. If I want to nat out on the alias > address from for example the DMZ I would like to use ":1". As this is not > possible I have to hard code the IP:s in pf.conf.
Yes there is a very good reason. Interface aliases are not what you think they. A mistake was made more than two decades ago. If you reconfigure, they "roll". You should avoid use of :0, unless you need it. But definately you do not want :1 or :2 etc
