pf version 3.7 on freebsd

[David DeSimone]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Leandro Malaquias <lm.net.security at gmail.com> wrote:
>
> I've heard that the pf version being used on freebsd 6-stable is 3.7 so the
> features "pass" and "log" when using "rdr" won't work.

"pass" works, but "log" does not.

You can work around this by forgoing "pass" and instead use "tag" to add
a NAT tag to your redirected packets, then create a "pass" rule which
passes and logs the resultant traffic.

    rdr on $EXT_IF proto tcp from x.x.x.x to y.y.y.y port zz \
	tag REDIRECT -> w.w.w.w

    pass in log quick on $EXT_IF all tagged REDIRECT

- -- 
David DeSimone == Network Admin == fox at verio.net
  "It took me fifteen years to discover that I had no
   talent for writing, but I couldn't give it up because
   by that time I was too famous.  -- Robert Benchley
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFGcujmFSrKRjX5eCoRAmqhAJ4/FeplWFekEhytmIPF8I4GERkRmQCeNh58
X5luzos0BKO1ZRB0FVUzNdQ=
=p3Vi
-----END PGP SIGNATURE-----