When creating a dynamic gateway and enabling "Dynamic gateway policy" on its interface, can it be used for policy-based routing? The "gateway" has no IP address; the destination is directly reachable.
I can't get this working. Before digging deeper, some input whether this is actually supported would be nice.
"Doesn't work" means: When selecting the dynamic gateway in a firewall rule, the rule shown in pfInfo doesn't have a "route-to" option. When enabling "Skip rules when gateway is down" in the advanced firewall settings, the rule doesn't show up in pfInfo at all. That would suggest the gateway is considered down, but gateway monitoring is disabled and it is shown as online.
man pf.conf(5) suggests route-to doesn't require an IP address:
The route-to option routes the packet to the specified interface with an optional address for the next hop.
https://www.freebsd.org/cgi/man.cgi?query=pf.conf
Background: I'm trying to get WireGuard PBR working without the "fake gateway IP address hack" suggested in the docs: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
@mimugmail once mentioned that dynamic gateway policy should work, but I couldn't find a confirmation that it actually does: https://forum.opnsense.org/index.php?topic=15105.msg86564#msg86564
Thanks!
Maurice
<edit>
This was indeed a missing feature and it's now fixed: https://github.com/opnsense/core/commit/cdf328078bd3e16e1f4beb9b0d6956595fb59c67
</edit>
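To make the two rule forms concrete, here is an added illustration; it is not from the post above, the OPNsense docs, or the referenced commit. It contrasts the documented "fake gateway IP" next hop with the interface-only form that the pf.conf(5) grammar permits ("an optional address for the next hop"). The interface names (lan0, wg0), the LAN subnet, and the next-hop address are assumed placeholders.

```pf
# Added example, not from the original post. lan0, wg0, 192.168.1.0/24 and
# 10.10.10.2 are assumed placeholders, not values from the page.

# 1. The "fake gateway IP address" form from the WireGuard selective-routing
#    how-to: a next-hop address is supplied even though the tunnel is
#    point-to-point and the peer is directly reachable on wg0.
pass in quick on lan0 route-to ( wg0 10.10.10.2 ) inet from 192.168.1.0/24 to any keep state

# 2. The interface-only form allowed by pf.conf(5): the packet is handed to
#    wg0 with no next-hop address, which is what a dynamic gateway without an
#    IP address would need the GUI to generate.
pass in quick on lan0 route-to ( wg0 ) inet from 192.168.1.0/24 to any keep state
```

Whether the GUI actually emitted the route-to option can be checked on the box with `pfctl -sr -vv` (or the pfInfo page) by locating the rule's label; a rule that was skipped because its gateway was treated as down will be absent from that output entirely, which matches the symptom described in the post.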