* Kapetanakis Giannis <[email protected]> [2026-05-27 10:02]:
> Is this the correct intended behavior?
yes. and it hasn't changed since I wrote that in... 2009? 2010?
> If so maybe the FAQ should be updated.
the manpage has it quite clearly IMO.
match The packet is matched. This mechanism is used to provide fine
grained filtering without altering the block/pass state of a
packet. match rules differ from block and pass rules in that
parameters are set every time a packet matches the rule, not only
on the last matching rule. For the following parameters, this
means that the parameter effectively becomes “sticky” until
explicitly overridden: nat-to, binat-to, rdr-to, queue, rtable,
and scrub.
log is different still, in that the action happens every time a
rule matches i.e. a single packet can get logged more than once.
--
Henning Brauer, [email protected], [email protected]
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
