Beers, James W. wrote:
Got it. Here is the final working rule (taken out of context):
pass in log first quick on bge0 proto tcp from any to <ip_addr> port =
22 flags S keep state group 2 set-tag (log=1)
The question still stands, though - is anyone using this functionality?
I think it's great and will help immensely with my log parsing scripts.
It was added at the behest of someone who wanted to do exactly that...
The reason for the syntax is that there can be both a logging tag and a
NAT tag
and you can specify a matching tag in NAT rules too..
Darren
