On 2007/03/22 13:01, Bruce Bauer wrote: > Yes, it shows that for a nat rule but doesn't mention anything about pass on > a binat rule. I only discovered that binat accepts pass from the grammer > section of pf.conf(5).
"Packets that match a translation rule are only automatically passed if the pass modifier is given, otherwise they are still subject to block and pass rules." Translation rules are binat, rdr, nat. One thing to watch out for with binat: you can't use it with ftp-proxy(8), since binat is of higher priority than the rdr or nat rules which are added to the anchor. The workaround there is to list nat and rdr separately.
