Hi,

You can use rdr pass rules so you only have 1 rule setting. I don't know if you can use logging on that rule.

Kind regards

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gaby vanhegan
Sent: Thursday 8 September 2005 15:05
To: [email protected]
Subject: Re: Migration to PF - some questions

On 8 Sep 2005, at 13:55, Stephan A. Rickauer wrote:

> Thanks to the kind help on this list, my test firewall successfully
> runs OpenBSD 3.7 and is basically configured. I now need to think
> about migrating my existing netfilter rule set to pf and would like
> to ask also some general questions to understand the concept(s)
> sufficiently.
>
> If I understand correctly, pf has no 'forward' chain like netfilter
> (which is probably by design). I have to admit I've found it pretty
> handy to use forward chains since one does not have to specify IN
> and OUT rules separately. But I don't want to argue about that. The
> simple question is: Does that mean a netfilter forward rule needs
> to be replaced by two pf rules (in general)?

Does rdr not provide forward-like functionality in pf? Or is it that you want to filter rdr'd connections?

Gaby

--
Junkets for bunterish lickspittles since 1998!
[EMAIL PROTECTED]
http://weblog.vanhegan.net

