Harry Waddell <wadd...@caravaninfotech.com> wrote:
>
> I'm trying to have npf (on the latest NetBSD 7 beta)
> map address onto either an internal dmz network based on the
> destination address being in a fairly large table (several hundred
> entries) or map to the WAN address otherwise, e.g. as
>
> map vlan200 dynamic $mesh_nattable -> 10.8.200.1 pass from $mesh_nattable to <ngroutes>
> map $wan_if dynamic $wan_nattable -> $wan_if
>
> Since there's nothing in the syntax to indicate one can do a "map final",
> would something like this work and if so, which rule would get used, the
> first, the last, the most specific? Since this isn't in a group, I'm not
> sure how or if this will work at all.

Yes, that would work. Currently, map rules behave as "final" by default,
so you have a first-match. It is debatable what should be the default and
it could be made configurable via the extended "pass" syntax. In any case,
I should document this.

--
Mindaugas