On Fri, 2007-03-16 at 16:30 -0400, Dave Anderson wrote:
> >1)  is my syntax wrong?  YES
> >2)  OK, what is wrong with it?  Pointed out and understood.
>
> Evidently, *not* understood.

Evidently, you can read my mind and know what I do and do not
understand.  That's fricken' amazing!

>
> >3)  Good, now what is the correct syntax?
> >
> >number 3 is where we sit.  I understand that the {} syntax is for text
> >expansion.  What I don't understand is whether when someone uses {}, is
> >the list evaluated as a logical AND or a logical OR?
>
> Neither.  It does text expansion, as several people have already told
> you.  *All* it does is transform one rule into several rules;
> evaluation is exactly the same as if the original ruleset included the
> resulting rules -- there's no AND or OR involved.  The *effect* (in
> this case) is the same as if the {} construct were evaluated as an OR
> within a single rule, but that's not how it's implemented.

fine, that is how it is.  so that answers my question from the previous
message.  {} is treated differently in a table than in a rule.

but it still doesn't answer my question.  With a default block all rule,
is it possible to pass traffic out to anyone except those defined in a
particular table without the need for further block rules?

if yes, then I'll figure it out.  if not, a simple NO will suffice.

the following is what I'm NOT looking for:

========
block log all

pass in on bge1 from <inside> to any keep state

pass out on bge0 from <inside> to any keep state
block out on bge0 from <inside> to <outside> keep state
block out on bge0 from <inside> to <llcidr> keep state
========

this accomplishes what I want, but I feel the use of more block
statements past the first one is extraneous.

--
Ryan Corder <[EMAIL PROTECTED]>
Systems Engineer, NovaSys Health LLC.
501-219-4444 ext. 646
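
The text expansion described in the quoted reply, modelled as an added example (not code from this thread or from pf itself). It goes one step beyond the message by applying the expansion to a negated list, a case not shown on this page, and comparing it with a single negated table. Assumptions: the rule grammar is reduced to `block all` and `<action> out to <spec>` (no interface, source or state), the table `<noout>` is hypothetical, and all addresses are constructed.

```python
import ipaddress
import re

# Constructed tables: names follow the post, addresses are documentation ranges.
NETS = {"outside": ["192.0.2.0/24"], "llcidr": ["198.51.100.0/24"]}
NETS["noout"] = NETS["outside"] + NETS["llcidr"]  # hypothetical merged table
TABLES = {k: [ipaddress.ip_network(n) for n in v] for k, v in NETS.items()}

def expand(rule):
    """Expand every {a, b} list into separate rules (text expansion only)."""
    m = re.search(r"\{([^{}]*)\}", rule)
    if not m:
        return [" ".join(rule.split())]
    items = [i for i in re.split(r"[,\s]+", m.group(1).strip()) if i]
    rules = []
    for item in items:
        rules.extend(expand(rule[:m.start()] + item + rule[m.end():]))
    return rules

def dst_matches(spec, dst):
    """Match a destination spec: 'any', '<table>' or '!<table>'."""
    if spec == "any":
        return True
    negate = spec.startswith("!")
    hit = any(dst in net for net in TABLES[spec.lstrip("!").strip("<>")])
    return hit != negate

def evaluate(ruleset, dst):
    """Last matching rule wins; rules are 'block all' or '<action> out to <spec>'."""
    dst = ipaddress.ip_address(dst)
    verdict = "pass"  # pf passes traffic that no rule matches
    for line in ruleset:
        for rule in expand(line):
            action, _, spec = rule.partition(" out to ")
            if not spec:  # "block all"
                action, spec = rule.split()[0], "any"
            if dst_matches(spec, dst):
                verdict = action
    return verdict

LIST_FORM = ["block all", "pass out to { !<outside>, !<llcidr> }"]
TABLE_FORM = ["block all", "pass out to !<noout>"]

if __name__ == "__main__":
    for dst in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(dst, evaluate(LIST_FORM, dst), evaluate(TABLE_FORM, dst))
```

In the list form each expanded rule matches the addresses the other one excludes, so every destination ends up passed; the single negated table blocks both ranges with no extra block rule.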
