On 12/15/17 15:11, Steve Litt wrote: > a pretty good job of it, but is very lacking in explanations. Tutorials > are for people who currently know nothing, so a word by word > explanation should be given for both of these lines: > > * match out on egress inet nat-to ($ext_if) > * pass proto tcp from { self, $int_if:network } > > There are many other places needing explanations. If you could include > a few diagrams to make the point, that would help immensely.
Keep in mind that those are the slides only, those participating in the session will hear a fuller explanation and have the option to interrupt us with questions or even start discussions. I do know of a PF presentation that was by increments turned into a book, but this presentation is not quite at that stage yet (though you never know what might happen at some point in the future). The book is still reasonably useful, I hear ;) - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.