From 85e3fd4166f595adab6d2efbf77c39e063b4a609 Mon Sep 17 00:00:00 2001
From: Soner Tari
Date: Sun, 8 May 2022 11:56:22 +0300
Subject: [PATCH] Add parentheses around $ext_if IP address in the rules

But not around $int_if, because the user should reload the pf rules if the IP address of the internal interface changes, and she may need to modify the configuration of other modules too, such as dhcpd.
---
 config/etc/pf.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/config/etc/pf.conf b/config/etc/pf.conf
index a6db2b53..32bfc117 100644
--- a/config/etc/pf.conf
+++ b/config/etc/pf.conf
@@ -102,8 +102,8 @@ pass in log on $int_if proto tcp from $int_net to $int_if port { www, https }
 pass in log on $int_if proto { tcp, udp } from $int_net to $int_if port { domain, bootps }
 
 # UTMFW proxies
-pass out log on $ext_if proto tcp from $ext_if to port $im_ports
-pass in log on $ext_if proto tcp from port $im_ports to $ext_if
+pass out log on $ext_if proto tcp from ($ext_if) to port $im_ports
+pass in log on $ext_if proto tcp from port $im_ports to ($ext_if)
 
 # ping
 pass in log on $int_if proto icmp from $int_net
@@ -117,7 +117,7 @@ pass in log on $int_if proto tcp from $int_net to !$int_if port imaps
 #pass in log on $int_if proto { tcp, udp } from $int_net to port { isakmp, 4500 }
 
 # OpenVPN
-#pass in log on $ext_if proto { tcp, udp } to $ext_if port 1194
+#pass in log on $ext_if proto { tcp, udp } to ($ext_if) port 1194
 #pass log on $openvpn
 
 # File sharing applications
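Review bot: The reason `($ext_if)` is parenthesised while `$int_if` stays bare is recorded only in the commit message, so someone editing the `# UTMFW proxies` rules later has no in-file hint that the asymmetry is deliberate. A comment above the two changed rules would keep it with the ruleset, e.g. `# ($ext_if) follows the external address when it changes; $int_if is resolved at load time, so reload pf after changing the internal address`. As far as pf's dynamic-address handling goes, the parenthesised form should also pick up any alias later added to the external interface, so these pass rules widen with it; `($ext_if:0)` would limit the match to the primary address if that is not intended. The same consideration applies to the commented-out OpenVPN rule in the second hunk if it is ever enabled.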