On Fri, Dec 19, 2003 at 11:47:51AM -0500, Daniel Staal wrote:
> It is my understanding and experience that this does *not* mean on
> the interface in question: it is universal. That is, all NAT happens
> before any filtering, regardless of the interface(s) involved.

no. that is not true. pf_test() is called from ip_input()/ip_output
respectively. the interface _does_ matter (this is not spam, size does
matter.. eh, other topic).

> Personally I would wish it were different, but I assume there is a
> good reason.

you are wrong.

--
Henning Brauer, BS Web Services, http://bsws.de
[EMAIL PROTECTED] - [EMAIL PROTECTED]
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
