On Sun, Jun 13, 2010 at 12:36:52PM +1000, Rod Whitworth wrote:
> The rule:
> pass in on $int_if inet proto tcp to any port ftp \
>     rdr-to 127.0.0.1 port 8021
>
> in the example ruleset on http://www.openbsd.org/faq/pf/example1.html
> does not work for active ftp from NATted hosts.
>
> There are three solutions which all work.
>
> A> make it "pass in quick ....."
> B> move the rule as-is to the end of the file. (Last match wins......)
> C.> move the rule up to the match rules and change "pass" to "match"
>
> Which do you prefer?
>

if the point of that rule is the same as the point of the rule in
ftp-proxy(8), then the rule should really match the man page (which uses
"quick") or vice versa.

anyone?

jmc
