On Thu, Dec 26, 2002 at 10:25:12PM +0100, Daniel Hartmeier wrote:
> On Thu, Dec 26, 2002 at 01:30:03PM -0800, Bryan Irvine wrote:
> 
> > pass  in on rl0 proto tcp from any to rl0 port > 49151 keep state
> > 
> > # pfctl -N /etc/nat.conf
> > /etc/nat.conf:5: filter rule not permitted in nat mode
> > pfctl: syntax error in file: nat rules not loaded
> 
> Well, filter rules (like the pass rule you quote) go into /etc/pf.conf,
> and nat rules (nat, binat, rdr) go into /etc/nat.conf. Then you load the
> filter rules with pfctl -f /etc/pf.conf and the nat rules with pfctl -N
> -f /etc/nat.conf.

well obviously here's some version confusion... Bryan _seems_ to talk about
OpenBSD 3.1 or earlier. there it is pfctl -R /etc/pf.conf and pfctl -N
/etc/nat.conf, no -f. in 3.2 and later these are merged, pfctl -f
/etc/pf.conf loads 'em all.

-- 
Henning Brauer, BS Web Services, http://bsws.de
[EMAIL PROTECTED] - [EMAIL PROTECTED]
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
