* Giancarlo Razzolini <grazzol...@gmail.com> [2014-03-24 15:46]:
> First of all, I hardly see why you want or need to use if-bound, since
> it most likely hurts pf performance.

it doesn't. however, if-bound is stupid except very few cases, i.e. on
encX.

> Secondly, the proper way of doing nat, is using match rules, not pass.

sez who? nat-to on pass rules is perfectly fine. using a match rule is
just more practical in most scenarios.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/