
Re: Relationship between route, route-to ?

On Sun, Mar 06, 2005 at 10:00:21PM -0500, [email protected] wrote:
> What is the relationship between pf's route-to, and static route commands as
> applied in /etc/rc.local ?
> In other words, does a static route ever take precedence over a route-to command?

No, pf route-to always overrides the routing table. You can use route-to
on a 'pass in' rule. In this case, pf alone routes the packet, and the
routing table is completely bypassed (never consulted). Or you can use
route-to on a 'pass out' rule. An incoming packet first goes to the
stack, then, and the stack consults the routing table to see where to
forward it to. If a 'pass out route-to' rule catches the packet when it
tries to go out through that interface, pf re-routes the packet onto the
final interface. Either way, a matching pf route-to wins over the
routing table.
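
The two cases described in the reply above, as an added pf.conf example that is not part of the original message. It uses the route-to syntax of pf from the period of this thread (2005); all interface names, addresses and macro names are assumptions, and later OpenBSD releases changed the route-to syntax, so check pf.conf(5) for the installed version.

```conf
# Constructed example: macros, interfaces and addresses are assumptions.
int_if  = "fxp0"            # LAN-facing interface
ext_if1 = "fxp1"            # uplink used by the routing table's default route
ext_if2 = "fxp2"            # second uplink, reached only through route-to
ext_gw2 = "198.51.100.1"    # next hop on ext_if2 (documentation address)
lan_net = "192.168.1.0/24"

# Case 1: route-to on 'pass in'.
# pf itself forwards matching packets to $ext_gw2 via $ext_if2.
# The routing table is never consulted for them, so a static route
# added in /etc/rc.local for the same destination has no effect here.
pass in on $int_if route-to ($ext_if2 $ext_gw2) \
    proto tcp from $lan_net to any port 25 keep state

# Case 2: route-to on 'pass out'.
# The stack has already consulted the routing table and chosen $ext_if1.
# This rule catches packets sourced from $ext_if2's address as they try
# to leave $ext_if1 and re-routes them onto $ext_if2.
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) \
    from $ext_if2 to any keep state

# Traffic redirected by either rule leaves through $ext_if2, so the
# filter rules on $ext_if2 must account for it explicitly.
pass out on $ext_if2 proto tcp from any to any port 25 keep state
```

When reviewing such a firewall, read the loaded rules (`pfctl -sr`) alongside `netstat -rn`: the routing table alone does not show the path that packets matched by a route-to rule actually take.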