On Mon, May 10, 2010 at 03:08:19PM +1000, Rod Whitworth wrote: > > Then come back and tell me why ALL the examples start with "match" ? > (i.e. NAT in man pf.conf for 4.7) >
maybe the idea was that it's simpler to write pass/block rules for your traffic, then just match the nat stuff. i don;t know. > > jmc said that we don't need a collection of pf.conf examples. Maybe > not, but in the past there was a skeleton that worked if you > uncommented the features you needed and did some minor editing in the > macros. > that is not quite correct (i hope). i meant that the stuff that was previously in /usr/share/examples was useless, so it was removed. there are other, better places, like the faq. > Have a look at 4.7's default. Not a mention of NAT anywhere. The > commonest function required by a raw beginner doesn't show up but all > the spamd and ftp-proxy stuff does (and that's fine), but no NAT. > Crazy! > the best way to change something you don;t agree with is to submit a diff. jmc
