On 17 March 2010 c. 00:43:34 Simon Perreault wrote: > J.C. Roberts wrote: > > match out on ? proto tcp from ? to any port ftp \ > > rdr-to 127.0.0.1 port 8021 > > You can't do that. rdr-to only works on input. > > > Without testing it, I don't know how the potential loop can be > > avoided, or if it even needs to be avoided (note the "match out" > > example for isakmp in the pf.conf(5) man page). > > That example uses nat-to, which only works on output.
Things were changed in -CURRENT a bit, see http://marc.info/?l=openbsd-cvs&m=125486449001455&w=2 for example. -- Best wishes, Vadim Zhukov A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
