Start with the word "egress". You can see it appear in your ifconfig output for vr0:
Code:
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:0d:b9:1c:96:80
priority: 0
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::20d:b9ff:fe1c:9680%vr0 prefixlen 64 scopeid 0x1
inet 192.168.1.103 netmask 0xffffff00 broadcast 192.168.1.255
The ifconfig man page says:
Code:
group group-name
Assign the interface to a ``group''. Any interface can
be in multiple groups.
For instance, such a group could be used to create a
hardware independent pf(4) ruleset (i.e. not one based on
the names of NICs) using existing (egress, carp, etc.) or
user-defined groups.
Some interfaces belong to specific groups by default:
- All interfaces are members of the all interface
group.
- Cloned interfaces are members of their interface
family group. For example, a PPP interface such
as ppp0 is a member of the ppp interface family
group.
- The interface(s) the default route(s) point to
are members of the egress interface group.
- IEEE 802.11 wireless interfaces are members of
the wlan interface group.
- Any interfaces used for network booting are
members of the netboot interface group.
The PF User's Guide
chapter on Network Address Translation describes the use of
!,
() and of
:0. I will not quote the entire chapter, just the relevant discussions. For
src_addr, the use of
!:
Quote:
Any of the above but negated using the ! ("not") modifier.
|
The use of
():
Quote:
The name of the external network interface in parentheses ( ). This tells PF to update the rule if the IP address(es) on the named interface changes. This is highly useful when the external interface gets its IP address via DHCP or dial-up as the ruleset doesn't have to be reloaded each time the address changes.
|
And lastly,
:0 appended to an interface:
Quote:
...the :0 modifier can be appended to either an interface name or to any of the above modifiers to indicate that PF should not include aliased IP addresses in the substitution.
|
Well, what do you know? The official documentation answered your questions.