On Thu, Nov 20, 2003 at 04:33:38PM +0100, Jonas Carlsson wrote:

> "rdr" and "pass" have different syntax for port-ranges, but this seems
> very strange to me?!

It's not pretty, agreed, but it's unlikely to get changed in the near future.

> however, since i want to be flexible with which ports i redirect,
> how do i solve this without using a million of rules and specifying all
> ports manually?

a) use 'rdr pass on $if ...', which causes matching connections to get
   passed without requiring a matching 'pass ... keep state' rule.

b) use 'tag foo' on the rdr rule to tag redirected packets, then
   restrict the 'pass ... keep state' rule with 'tagged foo' instead of
   restricting it to the ports.

Daniel
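
Both options from the reply, written out as a pf.conf fragment in the rdr syntax this thread uses. This is an added example, not part of the original message; the interface name, internal address, port ranges and tag name are assumptions.

```conf
# Constructed example: all names, addresses and ports are placeholders.
ext_if = "fxp0"            # assumed external interface
srv    = "192.168.1.10"    # assumed internal host receiving the redirects

# --- translation rules ---

# Option (a): 'rdr pass'. Connections matching this rule are passed by
# the translation rule itself, so no 'pass ... keep state' rule has to
# repeat the port range. The filter rules below are not consulted for
# these connections.
rdr pass on $ext_if proto tcp from any to $ext_if port 6000:6100 -> $srv

# Option (b): tag the redirected packets. The port range is written once,
# here, in rdr syntax; the filter rule below matches on the tag instead.
rdr on $ext_if proto tcp from any to $ext_if port 7000:7100 tag RDR_OK -> $srv

# --- filter rules ---

# Default deny for inbound traffic on the external interface.
block in on $ext_if all

# Only packets tagged by the rdr rule above are let in. Changing the
# redirected range needs no edit here, and the connections still pass
# through the filter ruleset, unlike option (a).
pass in on $ext_if proto tcp from any to any tagged RDR_OK keep state
```

Load-test a fragment like this with `pfctl -nf <file>`, which parses the ruleset without loading it.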
