On Sat, Feb 14, 2004 at 02:35:28AM -0800, Octavian Hornoiu wrote:
> I have tried using the rules I know from ipfilter on freebsd
> to forward port 0 with gre and all that but I cannot seem to get pf to
> accept the ruleset without it complaining about syntax. How is this
> accomplished via the newer pf?

if i understand you correctly, any of these might fit the bill:

1) rdr on $ext_if inet proto gre from any to ($ext_if) -> $internal_host
   pass on $ext_if inet proto gre from any to $internal_host keep state

2) rdr pass on $ext_if inet proto gre from any to ($ext_if) -> $internal_host

3) rdr on $ext_if inet proto gre from any to ($ext_if) tag GRE_IN -> $internal_host
   pass on $ext_if all keep state tagged GRE_IN

if you try to specify a port, you might receive the message:

   : dst port only applies to tcp/udp
   : skipping rule due to errors
   : rule expands to no valid combination

-- 
[ openbsd 3.4 GENERIC ( feb 14 ) // i386 ]