I plain don't understand your problem, nor was it clear was yur question actually was.
* Rod Whitworth <glis...@witworx.com> [2010-05-12 11:39]: > >maybe the idea was that it's simpler to write pass/block rules for your > >traffic, then just match the nat stuff. i don;t know. > And neither does anyone else who hangs out here, it seems. pass / block and match nat-to afterwards works fine. so does doing that very same match nat-to beforehands. so does doing the nat-to on the pass rules. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
