On Tue, Aug 02, 2005 at 11:34:55PM -0500, Kevin wrote: > > You can solve this by using tags: > > nat on $ext_if inet from any to any tagged aramith -> 69.13.34.94 > . . . > pass out from any to any user aramith tag aramith
please remember to specify tcp/udp when doing 'user' or 'group'. unless the behaviour has changed (which i admit, maybe it has), this rule (^pass out.*) can/should be considered to be equivalent to the following 5 rules: pass out inet all keep state tag aramith block out inet proto tcp all block out inet proto udp all pass out inet proto tcp all user aramith keep state tag aramith pass out inet proto udp all user aramith keep state tag aramith manpage still has: --- Only TCP and UDP packets can be associated with users; for other protocols these parameters are ignored. --- looks like some time betwen jun.25 and jul.12 things changed such that one doesn't need to explicity say 'keep state' to tag something. jared - [ openbsd 3.7 GENERIC ( jul 12 ) // i386 ]
