Yes, it shows that for a nat rule but doesn't mention anything about pass on a binat rule. I only discovered that binat accepts pass from the grammer section of pf.conf(5). I can't find any authority that states that "binat pass..." causes a bypass of all filtering as it does with "nat pass..."
On 3/22/07, Dag Richards <[EMAIL PROTECTED]> wrote: > > A quick read of the faq shows the "pass" keyword causes a bypass all > filtering ...so don't use it if you want your filters to be applied . > > > Bruce Bauer wrote: > > Using OpenBSD 4.0 > > Using binat for the first time in the real world > > Questions: > > binat pass on fxp0 from $server_int to any -> $server_ext > > does this bypass all other pf filter rules? > > binat on fxp0 from $server_int to any -> $server_ext > > does this form allow filtering? > > Googleing comes up with many different opinions
