From phoemix@trillian.harmless.hu  Sun Mar 19 15:57:02 2006
Return-Path: <phoemix@trillian.harmless.hu>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 106DA16A422
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 19 Mar 2006 15:57:02 +0000 (UTC)
	(envelope-from phoemix@trillian.harmless.hu)
Received: from trillian.harmless.hu (trillian.wigner.bme.hu [152.66.224.100])
	by mx1.FreeBSD.org (Postfix) with ESMTP id ACF1D43D49
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 19 Mar 2006 15:57:01 +0000 (GMT)
	(envelope-from phoemix@trillian.harmless.hu)
Received: by trillian.harmless.hu (Postfix, from userid 1001)
	id DC38FBDCC; Sun, 19 Mar 2006 17:05:25 +0100 (CET)
Message-Id: <20060319160525.DC38FBDCC@trillian.harmless.hu>
Date: Sun, 19 Mar 2006 17:05:25 +0100 (CET)
From: Gergely CZUCZY <phoemix@harmless.hu>
Reply-To: Gergely CZUCZY <phoemix@harmless.hu>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: pf don't follow IP changes on IF-defined rules
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         94694
>Category:       kern
>Synopsis:       pf don't follow IP changes on IF-defined rules
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-pf
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 19 16:00:45 GMT 2006
>Closed-Date:    Sun Mar 19 18:37:08 GMT 2006
>Last-Modified:  Sun Mar 19 18:37:08 GMT 2006
>Originator:     Gergely CZUCZY
>Release:        FreeBSD 6.0-STABLE i386
>Organization:
none
>Environment:
FreeBSD beeblebrox.harmless.lan 6.0-STABLE FreeBSD 6.0-STABLE #1: Wed Feb  1 22:18:02 CET 2006     root@beeblebrox.harmless.lan:/usr/obj/usr/src/sys/BEEBLEBROX  i386

>Description:
If you have a rule in your pf configuration where you specify the
interface's name, and the IP address of the IF changes over time
(think of dynamic-IP DSLs), the resolved IP address of the interface in
the ruleset is not updated.

In my case, the rule is as follows:
--- chop with axe here ---
if_ppp="tun0"
nat on $if_ppp from <natnets> to !10.0.0.0/8 -> $if_ppp
--- chop with axe here ---

On config file loading it's resolved to:
--- chop with axe here ---
nat on tun0 inet from <natnets> to ! 10.0.0.0/8 -> 213.178.112.51
--- chop with axe here ---

The IP address of the interface is resolved. When my PPP connection
is terminated by my ISP, and it reconnects, it may get a different
IP address. In these cases the already loaded ruleset will not follow
the change in the interface's address.

>How-To-Repeat:
1) apply a rule to pf, where you specify the ip address by the
name of the interface
2) change the IP address of that IF
3) the IP address in the loaded ruleset will remain the same

>Fix:
I don't have a fix. I reload the ruleset by hand at these
times, but this is not a solution.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-pf 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun Mar 19 18:27:17 UTC 2006 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=94694 
State-Changed-From-To: open->closed 
State-Changed-By: mlaier 
State-Changed-When: Sun Mar 19 18:35:55 UTC 2006 
State-Changed-Why:  
As described in the pf.conf(5) manual page, this can be done by enclosing 
the interface name in "(" and ")". 

>Unformatted:
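
The parenthesised form from the closing note, applied to the submitter's rule. This is an added example, not part of the original report or of the pf project's files; the contents of <natnets> and the pass rule are constructed for illustration.

```conf
# pf.conf fragment (added example; the <natnets> contents are constructed)
if_ppp = "tun0"
table <natnets> { 192.168.1.0/24 }

# Before: the interface name is resolved to its address once, when the
# ruleset is loaded, so the rule keeps the old address after a reconnect.
# nat on $if_ppp from <natnets> to !10.0.0.0/8 -> $if_ppp

# After: parentheses make pf track the interface's current address, so the
# rule follows tun0 when it is renumbered and no reload is needed.
nat on $if_ppp from <natnets> to !10.0.0.0/8 -> ($if_ppp)

# The same form applies to addresses in filter rules (hypothetical rule):
pass in on $if_ppp inet proto tcp from any to ($if_ppp) port 22

# To check, list the loaded translation rules with `pfctl -s nat`:
# the target should read "(tun0)" rather than a literal address.
```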
