On Mon, Sep 21, 2020 at 02:14:25PM +0200, open...@kene.nu wrote: > > > can find online seems to suggest otherwise. > > > > It would be interesting to hear which shreds of information you found. > > > Mainly this which I see now contradicts itself. > https://forums.freebsd.org/threads/nat-filtering-in-pf-what-happens-if.22783/
It's important to be aware that FreeBSD's PF is ancient, on par with roughly what was in OpenBSD 4.5. The NAT code on the OpenBSD side of the fence was totally rewritten for 4.7 which is also IIRC when match was introduced. You may have noticed that FreeBSD's PF does not have match rules. I hope you find a workable solution for what you need to do. All the best, -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
