On Saturday 10 December 2005 01:55, ed wrote:
> On Fri, 09 Dec 2005 16:14:25 -0500
>
> Forrest Aldrich <[EMAIL PROTECTED]> wrote:
> > rdr on $ext_if proto tcp from !<geoip>, !<spammers>, !<abuse> any \
> >     port { $tcp_services } tag INET_DMZ -> $server
>
> rdr on $ext_if proto tcp from { !<geoip> , !<spammers>, !<abuse> } to \
> any port { $tcp_services } tag INET_DMZ -> $server

and note that this is equivalent to:

rdr on $ext_if proto tcp from !<geoip> to \
  any port { $tcp_services } tag INET_DMZ -> $server
rdr on $ext_if proto tcp from !<spammers> to \
  any port { $tcp_services } tag INET_DMZ -> $server
rdr on $ext_if proto tcp from !<abuse> to \
  any port { $tcp_services } tag INET_DMZ -> $server

which is probably not what you want.

you could use something like:

no rdr on $ext_if proto tcp from <geoip> to any port { $tcp_services }
no rdr on $ext_if proto tcp from <spammers> to any port { $tcp_services }
no rdr on $ext_if proto tcp from <abuse> to any port { $tcp_services }
rdr on $ext_if proto tcp from any to any \
  port { $tcp_services } tag INET_DMZ -> $server

which has the effect of preventing the redirection and tagging
from IPs inside any one of the three tables.

Can
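The difference between the two rule sets in the message above, as an added example that is not part of the original thread: a small Python model of pf's first-match evaluation for translation rules, run over constructed table contents. The table ranges, rule tuples and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample tables (documentation address ranges, not from the thread).
TABLES = {
    "geoip":    [ipaddress.ip_network("198.51.100.0/24")],
    "spammers": [ipaddress.ip_network("203.0.113.0/24")],
    "abuse":    [ipaddress.ip_network("192.0.2.0/24")],
}
NAMES = ("geoip", "spammers", "abuse")

def in_table(name, addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TABLES[name])

def evaluate(rules, addr):
    """Return True if addr gets redirected.

    Translation rules are first-match: the first rule whose source
    matches decides, and a matching 'no rdr' means no redirection.
    Each rule is (action, table or None for 'any', negated).
    """
    for action, table, negated in rules:
        matched = True if table is None else in_table(table, addr) != negated
        if matched:
            return action == "rdr"
    return False

# from { !<geoip>, !<spammers>, !<abuse> } expands to one rdr rule per item,
# so an address only has to be absent from ONE table to be redirected.
NEGATED_LIST = [("rdr", name, True) for name in NAMES]

# The 'no rdr' form: exclusions first, then the catch-all redirect.
NO_RDR = [("no rdr", name, False) for name in NAMES] + [("rdr", None, False)]

def redirected(addr):
    return {"negated_list": evaluate(NEGATED_LIST, addr),
            "no_rdr": evaluate(NO_RDR, addr)}

if __name__ == "__main__":
    for addr in ("198.51.100.7", "203.0.113.9", "10.1.2.3"):
        print(addr, redirected(addr))
```

With these tables, an address listed in `<geoip>` or `<spammers>` is still redirected by the expanded negated list, because it matches the rule for a table it is not in; only the `no rdr` form excludes it.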
