match vs pass (changes in 4.7), and inet vs inet proto
I've upgraded one of my firewalls to 4.7 and have revised a few of the 'rdr pass' rules to reflect the syntax changes introduced in 4.7, but I'm not quite understanding why or when it would be appropriate to use match over pass in port redirection. Could someone enlighten me a bit? I've read the pf.conf man page but do better with practical examples when it comes to understanding concepts.
Also, I've read through the pf FAQ and man page trying to find out more about the inet declaration in the rules. I understand this is an address family, but the docs don't speak of it (that I can find) beyond that. In the pf FAQ I see example rules using it and others not in spite of these rules looking very similar, but don't understand why. Oops, the post title should have read "proto vs inet proto".
Thanks for any responses.
Last edited by mikesg; 25th May 2010 at 04:56 AM.
|Thread||Thread Starter||Forum||Replies||Last Post|
|No redirection pass with one interface ?||Simon||OpenBSD Security||11||8th March 2010 11:51 AM|
|first match vs last match ruleset design (pf vs iptables)||zelut||FreeBSD Security||5||12th July 2009 08:13 AM|
|net.inet.ip.portrange.*||carpman||FreeBSD General||10||27th May 2009 03:09 PM|
|PF rdr pass question||nimnod||FreeBSD General||2||1st May 2009 08:55 PM|
|PF can't match on TOS?||ivanatora||FreeBSD General||1||15th February 2009 10:34 AM|