CB> But the real question I've is why do you need that. CB> You can just do the opposite table:
CB> table <x> { 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8}
CB> And then use the table in negative rules, like:
CB> pass in from !<x>
hmm, yes, it's better idea.
