like this?
pass in on $ext_if proto tcp from { $trusted_networks } to $int_ip port 1234
keep state
nevermind the macros, they work fine :)
Matijs
----- Original Message -----
From: "Camiel Dobbelaar" <[EMAIL PROTECTED]>
To: "Matijs" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, November 17, 2002 1:31 PM
Subject: Re: don't get it...
>
>
> On Sun, 17 Nov 2002, Matijs wrote:
> > So I should use any or mention both the external AND the internal?
>
> No.
>
> > It seems
> > to me that if I block everything coming in on the external interface no
> > package should ever come through.
>
> Yes.
>
>
> NAT (rdr) goes first.
>
> Then you allow the internal _adress_ in on the external _interface_.
>
> --
> Cam
>
