The nat on rules can be converted directly into match rules, as outlined in the pf(4) NAT syntax change section of the OpenBSD 4.7 Upgrade Guide, which described the transition. This syntax dates from that release.
Your rules:
Code:
nat on $ext_if from $srv01 to any -> $ext_if_fw
nat on $ext_if from $srv05 to any -> $ext_if_fw
are likely to translate directly to:
Code:
match out on $ext_if from {$srv01 $srv05} nat-to $ext_if_fw
I say likely because, as J65nko has pointed out, you have only shared a fragment of your ruleset, and your variables are unknowns. My proposed syntax will apply nat-to to later pass rules that apply.
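
An added example, not part of the original post: a minimal pf.conf built around the match rule above, showing that the match rule only attaches nat-to and that a later pass rule must still allow the packet out. The macro values, the int_if macro and the block/pass rules are assumptions, since the original poster's ruleset and variables are not shown.

```pf
# Constructed macro values; the original poster's real ones are unknown.
ext_if    = "em0"          # assumed external interface
int_if    = "em1"          # assumed internal interface (not in the post)
ext_if_fw = "192.0.2.1"    # assumed public address on $ext_if
srv01     = "10.0.0.11"    # assumed internal server
srv05     = "10.0.0.15"    # assumed internal server

set skip on lo

# Default deny: nothing is forwarded unless a later pass rule allows it.
block log all

# match neither passes nor blocks. It attaches nat-to to outbound packets
# from the two servers; on its own, with the block above, they still drop.
match out on $ext_if inet from { $srv01 $srv05 } nat-to $ext_if_fw

# Inbound leg: let the servers' traffic enter the firewall.
pass in on $int_if inet from { $srv01 $srv05 }

# Outbound leg: this pass rule is what lets the packet leave, and the
# nat-to remembered from the match rule is applied as it does.
pass out on $ext_if inet

# Check before loading:   pfctl -nf /etc/pf.conf
# Inspect after loading:  pfctl -s rules ; pfctl -s states
```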