WHOA! that works! I had no idea you could use the bitmask option like that! Thank You.
Although I haven't tested for any unwanted behavior... I'll get back to you if i find any. On Mon, Jul 9, 2012 at 3:10 PM, Stuart Henderson <s...@spacehopper.org> wrote: > On 2012-07-09, Simon Perreault <sperrea...@openbsd.org> wrote: >> On 2012-07-09 10:17, Stuart Henderson wrote: >>> On 2012-07-09, Fil DiNoto<fdin...@gmail.com> wrote: >>>> But i was wondering if I could achieve something that would work for >>>> ALL the addresses behind the router as well without creating >>>> individual rules for each address. Something like this: >>>> >>>> pass in on egress proto tcp from $location1 to any port ssh rdr-to >>>> (original destination IP) port XXX22 >>> >>> nope. easiest option for this is probably a userland proxy. >>> not sure but I reckon relayd can probably do it. >> >> Not even with a bitmask pool? >> >> pass ... rdr-to 0.0.0.0/0 port XXX22 bitmask >> >> Simon >> >> > > Oh, that's twisted, I like it!