On Thu, Feb 13, 2003 at 01:54:29AM +0100, Dries Schellekens wrote: > Now you have the following syntax > rdr on dc0 inet proto tcp from any to 1.2.3.4 port = 2222 -> 10.0.0.10 port 22 > (it used to be ... port 2222 -> ..., so without the "=")
It still works without the "=" however. > It would be nicer to make rdr/nat rules even more like normal > filter rules. And allowing unary-op (=, !=, <, <=, >, >=) and binary-op > (<>, ><) on rdr/nat rules (of course not all of these make sense). This > will allow the following syntax [snip] I've got this on my list of things to look at after 3.3 is released. The foundation to allow this has already been laid in the kernel with the changes made recently to the rdr port:* handling. > BTW I find it quite annoying that <> (no including the limits of the > range) isn't the same as : (includes the limits of the range). Do you mean that you'd like to see <> and >< include the limits of the range? -Ryan
