* corey clingo <clinge...@gmail.com> [2012-01-29 19:47]: > Anyway, I'm reading the pf.conf man page, and I interpret it as saying > that the last matching pass/block rule determines what action is > taken, but the _first_ matching pass rule is what creates the state. > Am I interpreting this correctly?
no, the last one creates state (simplified, it isn't THAT simple anymore, but that is still what it comes down to). > Should I be using match rules to do nat-to/rdr-to instead? should? maybe. depends. whatever is easier in your case. could? yes. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
