On Thu, 13 Feb 2003, Ryan McBride wrote:

> On Thu, Feb 13, 2003 at 01:54:29AM +0100, Dries Schellekens wrote:
> > Now you have the following syntax
> > rdr on dc0 inet proto tcp from any to 1.2.3.4 port = 2222 -> 10.0.0.10 port 22
> > (it used to be ... port 2222 -> ..., so without the "=")
>
> It still works without the "=" however.
>
> > It would be nicer to make rdr/nat rules even more like normal
> > filter rules. And allowing unary-op (=, !=, <, <=, >, >=) and binary-op
> > (<>, ><) on rdr/nat rules (of course not all of these make sense). This
> > will allow the following syntax
> > [snip]
>
> I've got this on my list of things to look at after 3.3 is released.
>
> The foundation to allow this has already been laid in the kernel with
> the changes made recently to the rdr port:* handling.

Nice.

> > BTW I find it quite annoying that <> (not including the limits of the
> > range) isn't the same as : (includes the limits of the range).
>
> Do you mean that you'd like to see <> and >< include the limits of the
> range?

No, just like kjell pointed out, <> is horrible (IPF inheritance). It would be nicer to allow : as binary-op on filter rules, because it's much more logical than <>.

Cheers,

Dries
--
Dries Schellekens
email: [EMAIL PROTECTED]
