Hi Harald,

Harald Dunkel wrote on Tue, Jan 18, 2011 at 04:41:39PM +0100:
> pf.conf(5) says
>
> In the example below, packets bound for one specific server, as well as
> those generated by the sysadmins are not proxied; all other connections
> are.
>
> match in on $int_if proto { tcp, udp } from any to any port 80 \
> rdr-to 127.0.0.1 port 80
> pass in on $int_if proto { tcp, udp } from any to $server port 80
> pass in on $int_if proto { tcp, udp } from $sysadmins to any port 80
>
> I don't see that yet. All traffic for 80/tcp on $int_if matches
> the first line, so I would assume that all this traffic is
> redirected, regardless whether the following "pass in" rules
> match. They don't "undo" the redirection.

pf.conf(5) also says:

    For each packet processed by the packet filter, the filter rules are
    evaluated in sequential order, from first to last. For block and pass,
    the last matching rule decides what action is taken; if no rule matches
    ...

Yours,
Ingo