Michael Lim(vpn) wrote:
http://coombs.anu.edu.au/~avalon/ipfil-flow.html
From this diagram, it appears that packet filter rules operate on outbound packets before NAT and inbound packets after NAT.

see http://www.phildev.net/ipf/IPFques.html#ques11
and also the related concept of "in" and "out"
http://www.phildev.net/ipf/IPFques.html#ques3

ps: you may want to grok the "NAT happens in the CAT5 cable" philosophy written about here:
http://marc.theaimsgroup.com/?l=ipfilter&m=99898624628175&w=2
and here
http://marc.theaimsgroup.com/?l=ipfilter&m=99608074705794&w=2
and here
http://marc.theaimsgroup.com/?l=ipfilter&m=99552181624892&w=2
and here
http://marc.theaimsgroup.com/?l=ipfilter&m=97199037021347&w=2

jim
