Absolutely you need a pass. the block/pass is part of the firwalling
section of pf, the rdr is part of the nat functionality. So using rdr
in conjuction with block all won't work unless you explicitly pass that
traffic as well. Clear as mud? :-)
--bryan
Jay Moore wrote:
All,
I am
On Sun, Oct 12, 2003 at 11:13:18PM -0500, Jay Moore wrote:
If I have a redirect as I do, why do I need a rule that allows the redirect to
actually take place?
Put another way: do I need the redirect with the pass rule for spamd?
it's like RISC vs CISC, or something...
think of that 'pf
Bryan Irvine said:
Absolutely you need a pass. the block/pass is part of the firwalling
section of pf, the rdr is part of the nat functionality. So using rdr
in conjuction with block all won't work unless you explicitly pass that
traffic as well. Clear as mud? :-)
OK - I see that
Jay Moore said:
Bryan Irvine said:
Absolutely you need a pass. the block/pass is part of the firwalling
section of pf, the rdr is part of the nat functionality. So using rdr
in conjuction with block all won't work unless you explicitly pass that
traffic as well. Clear as mud? :-)
Jay Moore wrote:
Put another way: do I need the redirect with the pass rule for spamd?
As others pointed out already, the answer to this is yes. However,
since somewhen between 3.3 and -current, rdr also takes a pass
statement to make things shorter at the expense of not having all
passes in the
Forgive the top-post please, but I just wanted to thank all who responded
to my question. I think all of my questions have been answered (for now),
and I consider myself enlightened, and... oh, where did I put that block
diagram? :)
Best Regards,
Jay
[EMAIL PROTECTED] said:
Put another way: do
On Monday, Oct 13, 2003, at 11:43 US/Pacific, Jay Moore wrote:
oh, where did I put that block diagram? :)
The original: http://mniam.net/pf/pf.png
My version: http://homepage.mac.com/quension/pf/flow.png
All,
I am confused on a point; hoping someone here can clear this up for me. The rules
below are in use on my mail server appear to be working OK. However, they did not
work until I added the rule shown just below the comment line:
# Allow the spamd connections
If I have a redirect as I do, why