Hi,
I want to convert a pf rule to rdr-to via relayd (adding a load balancer
in the mix, in front of multiple servers).
My hesitation is how to pass the extra tcp options I pass in the rule.
I believe this should be done via match rules, but I'm not sure if the
pass rule should be on the pf or the relayd side.
The rule looks like this:

    pass in quick on egress proto tcp from any to $server port = 80 \
        flags S/SA set (prio(1, 2)) \
        keep state (pflow, tcp.first 10, tcp.opening 10, \
            tcp.established 18000, tcp.closing 30, tcp.finwait 30, \
            tcp.closed 30) \
        tag from_ext

Should I change the pf pass rule to match (with no quick) and add the
relayd anchor after that (with pass in relayd, default)
or the other way around:
relayd anchor first, match in relayd, and then pass in quick on the pf side?
I want to keep both the prio and tcp options as well as the rdr-to
inserted from relayd.
Is it essentially the same either way?
Thanks,
G