> If you want PF, go back and read about it. Learn to handle it in the
> way it was designed, don't try to blend it to whatever you used
> before. It's useless if you do that.

I get your point, I really do. I'm just trying to figure out a way *not* to have to specify each and every subnet behind a firewall interface as these will change dynamically over time and be learned via OSPF. That's why I was looking for a way to express filtering rules for forwarded traffic based on a combination of ingress and egress interfaces for cases where this is considered enough (i.e. specific subnets don't have to be expressed in the rule).

Regards,
-Martin