$ cat /etc/hostname.fxp0 inet 10.0.3.20 255.0.0.0 NONE inet alias 10.1.3.20 255.0.0.0 inet alias 10.2.3.20 255.0.0.0 inet alias 10.3.3.20 255.0.0.0 inet alias 10.4.3.20 255.0.0.0 inet alias 10.5.3.20 255.0.0.0
$ grep antispoof /etc/pf.conf antispoof for fxp0 Loading this ruleset will result in, $ pfctl -sr | grep '10.0.0.0/8' block drop in on ! fxp0 inet from 10.0.0.0/8 to any block drop in on ! fxp0 inet from 10.0.0.0/8 to any block drop in on ! fxp0 inet from 10.0.0.0/8 to any block drop in on ! fxp0 inet from 10.0.0.0/8 to any block drop in on ! fxp0 inet from 10.0.0.0/8 to any block drop in on ! fxp0 inet from 10.0.0.0/8 to any Hence, we get a block statement for each alias, which is I guess fine if aliases have different masks, but in this case, it's kind a unneccesary. No? This is on x86/-current from 4 days ago. // haver