GH> Is there some unknown reason why he cannot use

GH> ~~ # grep \!\< /etc/pf.conf | head -3
GH> nat on $Ext from $LAN to !<InsideNets> -> $Ext:0
GH> pass out quick on $Ext $TCP to !<InsideNets> user squid $KSF queue (q_def,\
GH> q_pri)
GH> pass out log quick on $Ext $TCP from $Ext:0 to !<InsideNets> port nntp\
GH> user news $KSF

GH> for the same effect ?

  No, it is not the same. I suggested a "list exclude" feature in addition
to the existing "list include" feature on table RULE.
  As a result, an administrator would be able to assemble ONE table instead
of two or three, and would be able to reduce the number of rules, without
external list preprocessing or dynamic table loading.

  IMHO, my suggestion was pretty simple, and at the same time, very
efficient for PF's core flexibility. Developers don't think so. Sad.

Ilya A. Kovalenko

"Better" is the worst enemy of "Good"
