I wanted to limit static ports to just my gaming consoles for security reasons. Would prefer to have source port randomization for the rest of the network.
For now I've set the entire network to have static ports as a "possible solution". I would suspect that a pass rule with nat-to would always have to match otherwise network address translation for a specific IP wouldn't work. Wouldn't this end up with a pass quick rule with nat-to?
I'm really not sure. When I have the time I'll test pass rules with nat-to and report back.
|