On 6/6/06, Angelo Turetta <[EMAIL PROTECTED]> wrote:
I think filtering both before and after NAT is out of scope (pf is not
designed to do that).

correct

What could be easily done to alleviate 'the missing' would be to add to
the 'rdr' UI the possibility to specify the FROM part of the rule. If
you look at your /tmp/rules.debug yuo'll see that rdr rules are
specified as follows:

rdr on vlan0 proto tcp from any to x.y.w.z/32 port {80 443} -> a.b.c.d

The part 'from any to' is added by filter.inc. Allowing the user to
specify a source would allow translating only some of the packets, with
the remainder matching some following NAT rules or being passed
untranslated to the filter. I don't know whether the rdr rules syntax
allows 'from' to contain an alias, or a list of values.

Yep, exactly what we're talking about.  And it certainly does.

--Bill
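As an added illustration (not code from this thread, and not what filter.inc generates), the rules.debug-style fragment below shows the source-restricted rdr that Angelo proposes, with the 'from' part given once as a pf table and once as the default 'any', so that only some packets are translated to one server and the rest fall through to the next rdr or reach the filter untranslated. The interface, addresses and table name are assumed for the example (RFC 5737 test ranges).

```pf
# Added example, not from the thread or from filter.inc.
# Interface, addresses and the table name are assumed.
ext_if = "vlan0"
vip    = "203.0.113.10"        # public address on vlan0
www_a  = "10.0.0.5"            # internal web server for branch offices
www_b  = "10.0.0.6"            # internal web server for everyone else

# pf accepts a list or a table in the 'from' part of an rdr rule.
table <branch_offices> persist { 198.51.100.0/24, 192.0.2.40 }

# Translation rules are evaluated first-match, so order matters.

# Exempt one host from translation entirely; it reaches the filter
# with the public address still as its destination.
no rdr on $ext_if proto tcp from 192.0.2.99 to $vip port 80

# Only packets whose source is in the table are sent to www_a ...
rdr on $ext_if proto tcp from <branch_offices> to $vip port { 80 443 } -> $www_a

# ... the remainder hitting the same ports falls through to this rule.
rdr on $ext_if proto tcp from any to $vip port { 80 443 } -> $www_b

# Filter rules run after translation, so they see the internal addresses.
pass in quick on $ext_if proto tcp from <branch_offices> to $www_a port { 80 443 } keep state
pass in quick on $ext_if proto tcp from any to $www_b port { 80 443 } keep state
```

To check the syntax without loading anything, run `pfctl -nf /tmp/rules.debug`; after loading, `pfctl -sn` shows the translation rules in the order pf will evaluate them, which is what decides which packets are translated by the first rdr and which fall through.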
