match is used when you want a rule to match but do not necessarily want either a pass or a block to apply right then and there, you will either already have it (such as a pass all) or will apply a pass rule if applicable later.You can use a label with it for use in later policy based filtering rules, too. Commonly used for NAT rules, port redirection rules, or tagged base policy filtering.
The inet family is one of two families supported by pf. The other is inet6. The purpose is so that you can have different rules apply to IPv4 and IPv6, if necessary. Commonly used when tunnelling IPv6 under IPv4, or IPv4 under IPv6.
|