Hello,

you are right, you need both rules.

-- 
Best regards,
Loïc BLOT, UNIX systems, security and network engineer
http://www.unix-experience.fr

On Tuesday, 18 March 2014 at 15:19 -0300, Friedrich Locke wrote:
> Hi folks,
>
> I am studying pf and a doubt arose!
>
> Since my state policy is if-bound (set state-policy if-bound) I need two
> rules for each traffic I want to pass. Is that understanding right?
>
> For instance, for nat I could:
>
> pass out on tl0 from dc0:network to any nat-to tl0
>
> pass in on dc0 from dc0:network to any
>
> Is this understanding correct? Or only the first rule is ok?
>
> Thanks.

