On Mon, Feb 10, 2003 at 09:09:05AM -0300, jorge wrote:
> in the great world PF, is very useful state inspect and very simply,
> but with rdr, binat and routing tables.
> ¿what is the order of the process?

Take a look at http://mniam.net/pf/pf.png.

Translations (nat/rdr/binat) always come first, before the filter rules are evaluated, so the filter rules are applied to packets after translation.

The routing table is relevant for outgoing packets (if IP forwarding is used, or the firewall itself sends packets); it decides what interface the packets will go out through (where pf will see them).

Daniel
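
The ordering described in this reply, shown as an added pf.conf fragment that is not part of the original message: because rdr runs before the filter rules, the pass rule has to match the translated destination. The interface name, addresses and ports are constructed for illustration.

```conf
# Constructed example values (assumptions, not from the thread)
ext_if = "fxp0"            # external interface
web    = "192.168.1.10"    # internal web server

# Translation rules are evaluated first.
# An inbound connection to the firewall's external address on port 80
# has its destination rewritten to $web port 8080.
rdr on $ext_if proto tcp from any to $ext_if port 80 -> $web port 8080

# Filter rules are evaluated afterwards, on the already translated packet.
block in on $ext_if all

# This rule is written against the pre-translation destination.
# By the time the filter sees the packet the destination is $web:8080,
# so it would never match the redirected connection:
# pass in on $ext_if proto tcp from any to $ext_if port 80 flags S/SA keep state

# This rule matches the post-translation destination and lets the
# redirected connection through:
pass in on $ext_if proto tcp from any to $web port 8080 flags S/SA keep state
```

Loading the ruleset with `pfctl -f /etc/pf.conf` and listing it with `pfctl -s nat` and `pfctl -s rules` shows the translation and filter rules as two separate sets.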
