BREAKING pf(4) change: change route-to so it sends packets to IPs instead of interfaces.
from OpenBSD Journal (#5DM4V)
Does your pf configuration have route-to rules? If so, you need to consider the implications of this commit by David Gwynne (dlg@) carefully.
CVSROOT: /cvs
Module name: src
Changes by: dlg@cvs.openbsd.org 2021/01/31 17:31:05

Modified files:
sbin/pfctl : parse.y pfctl_parser.c
share/man/man5 : pf.conf.5
sys/net : if_pfsync.c pf.c pfvar.h

Log message:
change route-to so it sends packets to IPs instead of interfaces.

this is a significant (and breaking) reworking of the policy based
routing that pf can do. the intention is to make it as easy as
nat/rdr to use, and more robust when it's operating.
This change is intended to make configuration and maintenance easier, but it runs a high risk of breaking existing configurations. Read on for the rest of David's commit message, with some background.