use of ! in nat broken ?
Mike Tancsa
mike at sentex.net
Thu Jan 3 08:10:07 PST 2008
At 11:09 PM 1/2/2008, David DeSimone wrote:
>The mistake you're making here is to consider pf's syntax to be a
>combined AND'd statement of boolean logic, which it is not. It is
>really just simple macro expansion, which does not equate to the same
>thing.
Thanks for the detailed explanation! Reading it that way makes sense
to me now. I am trying to think which is more readable in general
and I think the table syntax is perhaps the best. It does seem to
treat it in a way that's slightly more intuitive (for me anyways) in
that I have one nat statement that applies to "those who I want to
NAT", and the boolean logic that applies in the table definition is readable enough.

    table <204network> {!$server1,!$server2,$internal204}
    nat on $ext_if from <204network> to any -> $officepublicIP

Thanks again,
---Mike
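
Added example (not part of the original message, and not pf's own code): a small Python model of the two behaviours discussed in this thread, a brace list expanded into separate nat rules versus a table lookup where the most specific entry decides. The addresses are constructed stand-ins for $server1, $server2 and $internal204, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample values; the post does not give the real macro contents.
MACROS = {
    "server1": "192.0.2.10",
    "server2": "192.0.2.20",
    "internal204": "192.0.2.0/24",
}
ENTRIES = ["!$server1", "!$server2", "$internal204"]


def parse(entry):
    """Return (negated, network) for an entry such as '!$server1'."""
    negated = entry.startswith("!")
    value = MACROS[entry.lstrip("!").lstrip("$")]
    return negated, ipaddress.ip_network(value)


def list_rule_matches(src, entries=ENTRIES):
    """Brace-list semantics: each entry becomes its own nat rule, and the
    first rule whose source test passes wins. Returns that entry or None."""
    addr = ipaddress.ip_address(src)
    for entry in entries:
        negated, net = parse(entry)
        if (addr in net) != negated:
            return entry  # this expanded rule matched the packet
    return None


def table_matches(src, entries=ENTRIES):
    """Table semantics: the most specific entry containing the address
    decides, and a negated entry means the lookup does not match."""
    addr = ipaddress.ip_address(src)
    best = None
    for entry in entries:
        negated, net = parse(entry)
        if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (negated, net)
    return best is not None and not best[0]


if __name__ == "__main__":
    for src in ("192.0.2.10", "192.0.2.20", "192.0.2.77", "198.51.100.5"):
        print(src, "list:", list_rule_matches(src), "table:", table_matches(src))
```

In the list form, server1 is still translated because the expanded "from !$server2" rule matches it, and even an address outside the internal network matches "from !$server1"; in the table form only non-excluded hosts inside the network match.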