On Fri, Apr 08, 2011 at 03:42:41PM +0300, Bojidara Marinchovska wrote:
> So the correct question is how to accomplish
>
> pass in quick on $netif from {$test1, $test2} to x.x.x.x
> block in quick on $netif from any to x.x.x.x
>
> with only 1 rule ?
While negating a list never does what you want, negating a table
does the expected:
table <test> const { 1.2.3.4, 2.3.4.5 }
block from ! <test> to x.x.x.x
The rule matches any source except 1.2.3.4 and 2.3.4.5.
See http://www.openbsd.org/faq/pf/tables.html for more examples.
Daniel
