On Wed, 12 Feb 2003, Ryan Thomas McBride wrote:

> CVSROOT:        /cvs
> Module name:    src
> Changes by:     [EMAIL PROTECTED]    2003/02/12 06:27:20
>
> Modified files:
>         share/man/man5 : pf.conf.5
>
> Log message:
> Fix BNF for rdr and nat to match merge of rdr and nat parsing.
Now you have the following syntax:

    rdr on dc0 inet proto tcp from any to 1.2.3.4 port = 2222 -> 10.0.0.10 port 22
    (it used to be ... port 2222 -> ..., so without the "=")
    rdr on dc0 inet proto tcp from any to 1.2.3.4 port 2000:2999 -> 10.0.0.10 port 4000
    rdr on dc0 inet proto tcp from any to 1.2.3.4 port 3000:3999 -> 10.0.0.10 port 5000:*

While filter rules use <>:

    pass in proto tcp from any to 10.0.0.10 port 4999 <> 6000

It would be nicer to make rdr/nat rules even more like normal filter rules, and to allow unary-op (=, !=, <, <=, >, >=) and binary-op (<>, ><) on rdr/nat rules (of course not all of these make sense). This will allow the following syntax:

    rdr on dc0 inet proto tcp from any to 1.2.3.4 port = 2222 -> 10.0.0.10 port = 22
    rdr on dc0 inet proto tcp from any to 1.2.3.4 port 1999 <> 3000 -> 10.0.0.10 port = 4000
    rdr on dc0 inet proto tcp from any to 1.2.3.4 port 2999 <> 4000 -> 10.0.0.10 port 4999 <> 5000
    (so the same as above)
    rdr on dc0 inet proto tcp from any to 1.2.3.4 port >= 9000 -> 10.0.0.10 port = 9000
    rdr on dc0 inet proto tcp from any to 1.2.3.4 port < 1024 -> 10.0.0.10 port 9999 <> 11024
    rdr on dc0 inet proto tcp from any to 1.2.3.4 port 999 <> 2000 -> 10.0.0.10 port < 1000
    (and even more, some of which are totally useless ;-))

BTW I find it quite annoying that <> (not including the limits of the range) isn't the same as : (includes the limits of the range).

Cheers,

Dries

--
Dries Schellekens
email: [EMAIL PROTECTED]
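As an added example (not from the post and not pf's own code), the following Python models the pf.conf port operators the post compares, so the exclusive `<>` form and the inclusive `:` form can be checked against each other; the meaning of `><` (outside the range, endpoints excluded) is taken from pf.conf(5), not from the post.

```python
"""Model of pf.conf port operators: unary = != < <= > >=, binary <> (between,
endpoints excluded), >< (outside, endpoints excluded) and a:b (inclusive)."""
import re

UNARY = {
    "=": lambda p, a: p == a,
    "!=": lambda p, a: p != a,
    "<": lambda p, a: p < a,
    "<=": lambda p, a: p <= a,
    ">": lambda p, a: p > a,
    ">=": lambda p, a: p >= a,
}
BINARY = {
    "<>": lambda p, a, b: a < p < b,        # strictly between the limits
    "><": lambda p, a, b: p < a or p > b,   # strictly outside the limits
    ":": lambda p, a, b: a <= p <= b,       # inclusive range
}


def parse_port_spec(spec):
    """Parse the text following the 'port' keyword into (kind, op, a, b)."""
    s = spec.strip()
    m = re.fullmatch(r"(\d+)\s*(<>|><)\s*(\d+)", s)
    if m:
        return ("binary", m.group(2), int(m.group(1)), int(m.group(3)))
    m = re.fullmatch(r"(\d+):(\d+)", s)
    if m:
        return ("binary", ":", int(m.group(1)), int(m.group(2)))
    m = re.fullmatch(r"(=|!=|<=|>=|<|>)?\s*(\d+)", s)
    if m:
        # A bare number is shorthand for equality, as in "port 22".
        return ("unary", m.group(1) or "=", int(m.group(2)), None)
    raise ValueError("unsupported port spec: %r" % spec)


def port_matches(spec, port):
    """True if the given port is selected by the port spec."""
    kind, op, a, b = parse_port_spec(spec)
    return UNARY[op](port, a) if kind == "unary" else BINARY[op](port, a, b)


def matched_ports(spec, lo=1, hi=65535):
    """Set of ports in [lo, hi] selected by spec, for comparing two forms."""
    return {p for p in range(lo, hi + 1) if port_matches(spec, p)}


if __name__ == "__main__":
    # The post's "2000:2999" and "1999 <> 3000" select the same ports.
    print(matched_ports("2000:2999") == matched_ports("1999 <> 3000"))
    # The annoyance from the post: "1999:3000" is not the same as "1999 <> 3000".
    print(matched_ports("1999:3000") == matched_ports("1999 <> 3000"))
```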
