On Tue, 24 Apr 2012 12:39:35 -0700 (PDT) Theron ZORBAS <theronzor...@yahoo.com> wrote:
> Hello Misc, > > What is the difference beetwen these two rules: > match out on egress inet from $int_if:network to any nat-to (egress) > > pass out on egress inet from $int_if:network to any nat-to (egress) > Or there is no difference? The pass rule does NAT and allows all outgoing packets that match the source ip. The match rule only does the NAT. You still need some other rules to actually allow individual packets to leave. > I could not understand when to use match word. > > P.S. It's been very near time that i started to use OpenBSD as a > firewall. I'm asking this question as a newbie. Sorry if it is a time > wasting question to you. > > Thanks. > Theron ZORBAS
