From pf.conf (5)
http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
match
The packet is matched. This mechanism is used to provide fine
grained filtering without altering the block/pass state of a
packet. match rules differ from block and pass rules in that
parameters are set every time a packet matches the rule, not
only
on the last matching rule. For the following parameters, this
means that the parameter effectively becomes ``sticky'' until
explicitly overridden: nat-to, binat-to, rdr-to, queue,
rtable, and
scrub.
pass The packet is passed; state is created unless the no state option
is specified.
OpenBSD doc is great, you can find answer to most of your questions in
man pages and FAQs.
Michel
Le 2012-04-24 15:39, Theron ZORBAS a icrit :
Hello Misc,
What is the difference beetwen these two rules:
match out on egress inet from $int_if:network to any nat-to (egress)
pass out on egress inet from $int_if:network to any nat-to (egress)
Or there is no difference?
I could not understand when to use match word.
P.S. It's been very near time that i started to use OpenBSD as a firewall. I'm
asking this question as a newbie.
Sorry if it is a time wasting question to you.
Thanks.
Theron ZORBAS
