On Mon, 10 May 2010 15:23:45 +0059, Jason McIntyre wrote:
>On Mon, May 10, 2010 at 03:08:19PM +1000, Rod Whitworth wrote:
>>
>> Then come back and tell me why ALL the examples start with "match" ?
>> (i.e. NAT in man pf.conf for 4.7)
>>
>
>maybe the idea was that it's simpler to write pass/block rules for your
>traffic, then just match the nat stuff. i don;t know.
And neither does anyone else who hangs out here, it seems.
>
>>
>> jmc said that we don't need a collection of pf.conf examples. Maybe
>> not, but in the past there was a skeleton that worked if you
>> uncommented the features you needed and did some minor editing in the
>> macros.
>>
>
>that is not quite correct (i hope). i meant that the stuff that was
>previously in /usr/share/examples was useless, so it was removed. there
>are other, better places, like the faq.
Guess why Nick was in the address list?
No sign that he knows any more than I do.
He's trying to find out what is the best way to make NAT work too, I
suppose.
>
>> Have a look at 4.7's default. Not a mention of NAT anywhere. The
>> commonest function required by a raw beginner doesn't show up but all
>> the spamd and ftp-proxy stuff does (and that's fine), but no NAT.
>> Crazy!
>>
>
>the best way to change something you don;t agree with is to submit a
>diff.
It's awfully hard to write a diff when the info one needs to do it
correctly is not forthcoming.
I guess that nobody who writes the existing hints (man page etc) is
short of global IPs......
:{((
*** NOTE *** Please DO NOT CC me. I <am> subscribed to the list.
Mail to the sender address that does not originate at the list server is
tarpitted. The reply-to: address is provided for those who feel compelled to
reply off list. Thankyou.
Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.
