Hi,

did anything change in regard to pf rules with the 
route-to option in recent versions of OpenBSD?

I've just reinstalled an old system that was running 
OpenBSD 3.9 with 4.6, and gave it my old pf rulesets.

There is a rule that is supposed to send all traffic 
originating from a certain local network into a tunnel 
instead of to the default gateway. Which it did with 3.9.

Now it seems to do nothing - outgoing traffic just 
follows the default route, regardless of the route-to 
rule.

It was basically something like this:

pass in quick on $int_if route-to $vpn_if from $special_net \
  to ! <localnets> keep state 

(The relevant traffic comes in through $vpn_if by itself.)

Also tried binding the rule on the external interface, 
and using the route-to syntax with gateway address, 
but that didn't work either.

Alex.
