need help with ipfw nat to pf nat migration

[Artem Viklenko]

04.04.19 07:30, Victor Sudakov пише:
> 
> 1.
> 
>> pass in quick on $int_if inet proto tcp from $server to any flags S/SA keep state allow-opts tag SERVER
> 
> 2.
> 
>> block return-rst out log quick on $mob_if inet proto tcp to any port 25 tagged SERVER
> 
> You have already passed the packet with "quick" in the first rule, it
> probably will never hit the second "block" rule?
> 

No, each rule bound to different interface - i.e. different conditions.


-- 
Regards!