pf rdr to hostname rather than ip

[bsdperson]

In my pf.conf I have lines like this

Code:

rdr on $ext_if proto tcp from any to ($ext_if) port 5060 -> asterisk

to redirect traffic to a specific machine. However this will only work if the firewall knows what asterisk means. In this case asterisk gets its ip by dhcp (which also runs on the fw). So if the firewall is rebooted this will not work until I login and do pfctl -f /etc/pf.conf after the ips are assigned.

One solution would be to go to static ips, but it's rather convenient to use dhcp and also makes pf.conf easy to read. How can this be solved?

Can I delay pf in rc.d do make it run after dhcpd? If so, how and what side effects would that bring?

This is on a FBSD 9.0-RELEASE-p3 machine.

[J65nko]

Just assign a static IP through DHCP:

Code:

        host static-client {
                hardware ethernet  00:18:dc:47:b0:4c ;
                fixed-address 192.168.223.20 ;
        }

[bsdperson]

Yes, that is my setup (but with dnsmasq). But during a reboot, pf doesn't know that. So the rules doesn't work.

[J65nko]

Because you assigned a fixed IP you can use that IP in your pf.conf

Code:

asterisk = 10.22.33.44

rdr on $ext_if proto tcp from any to ($ext_if) port 5060 -> $asterisk

[bsdperson]

Yes but it also means that I need to map asterisk to 10.22.33.44 in both dnsmasq.conf and pf.conf.

It seems that the easiest way to solve this would be to move dns to a different machine.