Martin Turgeon wrote:

You're right on this, the filtering rules aren't written with the brackets.
But isn't pf routing the packets to an interface instead of an IP address?

I can't tell you if this affects your setup since I haven't seen the ruleset.

You're going to tag, then nat, and then filter the packets. If in any of these steps you apply non-dynamic rules, that is, you use $ext_if instead of ($ext_if) for the IP address on the external interface, then you're likely to have things behave unexpectedly.

Things suddenly stop working after weeks without problems; that just sounds very much like your firewall setup doesn't follow changes of the interface configuration. Without knowing the details of your setup, I can't tell you much more.

What also confuses me is that you have tags in your nat rules - you might add a tag for later use in filtering, but you also check if a tag exists, and I don't know how or where this is set.
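
The static and dynamic forms discussed in the message above, side by side, as an added example that is not part of the original thread or the poster's ruleset. The interface names, the internal network, the tag name LAN_NAT and the use of the older separate-nat-rule syntax are all assumptions.

```conf
# Constructed pf.conf fragment (older syntax with separate nat rules).
# em0, em1, 192.168.1.0/24 and LAN_NAT are assumed values.
ext_if  = "em0"
int_if  = "em1"
int_net = "192.168.1.0/24"

# "on $ext_if" names an interface, so no parentheses are needed there.
# Parentheses matter only where the macro stands in for an ADDRESS
# (after "from", "to" or "->").

# Static form (commented out): $ext_if in an address position is
# expanded to the interface's address once, when the ruleset is loaded.
# After a DHCP renewal or PPPoE reconnect with a new address, these
# rules still translate to and match on the old one.
# nat on $ext_if from $int_net to any tag LAN_NAT -> $ext_if
# pass out on $ext_if from $ext_if to any tagged LAN_NAT keep state

# Dynamic form: ($ext_if) is updated whenever the interface's
# address changes, without reloading the ruleset.
# The nat rule also SETS the tag that the filter rule later checks.
nat on $ext_if from $int_net to any tag LAN_NAT -> ($ext_if)

block all
pass in  on $int_if from $int_net to any keep state
# Filter rules see the packet after translation, so the source here
# is the external address; "tagged" only matches packets the nat rule
# above has already marked.
pass out on $ext_if from ($ext_if) to any tagged LAN_NAT keep state
```

`pfctl -nf` on the file parses it without loading, and `pfctl -sn` and `pfctl -sr` show the loaded nat and filter rules, including whether an address was resolved at load time or kept as a parenthesised interface reference.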

