On Sun, Jan 29, 2012 at 5:35 PM, corey clingo wrote:
> On Sun, Jan 29, 2012 at 4:45 PM, Henning Brauer
wrote:
>> * corey clingo [2012-01-29 19:47]:
>>> Anyway, I'm reading the pf.conf man page, and I interpret it as saying
>>> that the last matching pass/block rule determines what action is
>>>
On Sun, Jan 29, 2012 at 4:45 PM, Henning Brauer wrote:
> * corey clingo [2012-01-29 19:47]:
>> Anyway, I'm reading the pf.conf man page, and I interpret it as saying
>> that the last matching pass/block rule determines what action is
>> taken, but the _first_ matching pass rule is what creates th
* corey clingo [2012-01-29 19:47]:
> Anyway, I'm reading the pf.conf man page, and I interpret it as saying
> that the last matching pass/block rule determines what action is
> taken, but the _first_ matching pass rule is what creates the state.
> Am I interpreting this correctly?
no, the last on
Quoting corey clingo :
I had to replace the dead hard drive in an old OpenBSD firewall
yesterday (it only ran for about 8 years :), and in the process I had
to re-do my pf.conf to incorporate the newer (post-4.6 or thereabouts)
syntax. I was trying to figure out why I have what appears to be two
On Sun, 29 Jan 2012 12:46:21 -0600
corey clingo wrote:
> Should I be using match rules to do nat-to/rdr-to
> instead?
Yes.
I had to replace the dead hard drive in an old OpenBSD firewall
yesterday (it only ran for about 8 years :), and in the process I had
to re-do my pf.conf to incorporate the newer (post-4.6 or thereabouts)
syntax. I was trying to figure out why I have what appears to be two
states for each incoming
6 matches
Mail list logo
