> > You're missing the no-nat rule. This shouldn't break the "reflection"
> > traffic but might cause adverse effects for other connections originating
> > from your firewall.
Just that?

    no nat on $int_if proto tcp from $int_if to $int_net

What type of connections could be broken? I have binat rules, so I'm afraid my nat rules break it and I must put a condition on my nat rule (like NATing only from one IP).

My other question is: if I NAT on the internal interface, can the traffic go out on the external interfaces? I was reading that pf compares the IP of the interface with the ones in the packet.

This migration from iptables to pf on such a large farm of servers might end up like hell ;)
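For reference, here is the complete reflection rule set that the no-nat rule above belongs to, written in the classic (pre-OpenBSD 4.7) pf syntax the thread is using. This is an added example following the standard pf "redirection and reflection" pattern, not a copy of the poster's pf.conf; the interface names, the address 203.0.113.5, the LAN 192.168.1.0/24 and the server 192.168.1.10 are placeholders.

```pf
# Placeholder macros (assumed; adjust to the real interfaces/addresses)
ext_if   = "fxp0"
int_if   = "fxp1"
ext_addr = "203.0.113.5"
int_net  = "192.168.1.0/24"
server   = "192.168.1.10"

# 1. Reflection: a LAN host connecting to the external address on port 80
#    is redirected to the internal web server.
rdr on $int_if proto tcp from $int_net to $ext_addr port 80 -> $server port 80

# 2. Exemption: connections the firewall itself opens into the LAN
#    (from $int_if's own address) must NOT be source-NATed by rule 3.
#    Without this line, rule 3 would also match the firewall's own
#    traffic to the LAN because it originates from $int_if's address.
no nat on $int_if proto tcp from $int_if to $int_net

# 3. Source NAT for the reflected connections: rewrite the client's
#    source to $int_if so the server's replies come back through the
#    firewall (which holds the rdr state) instead of going directly to
#    the LAN client, where they would be dropped as unknown traffic.
nat on $int_if proto tcp from $int_net to $server port 80 -> $int_if
```

Two practical checks: the nat rule is tied to "on $int_if", so it only applies to packets leaving through the internal interface and does not translate anything that goes out $ext_if; and `pfctl -s nat` after loading will list the rules in order, with the `no nat` exemption ahead of the nat rule, which is the order pf needs since the first matching translation rule wins.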
