On 8 Sep 2005, at 14:55, Stephan A. Rickauer wrote:

> Ok, I'll make it more concrete. If a machine has traffic going over
> two interfaces (router) a netfilter rule would look like this:
>
>   iptables -A FORWARD -i in-iface -o out-iface ...
>
> It looks like with pf one achieves that with:
>
>   pass in on in-iface ...
>   pass out on out-iface ...
>
> Is that basically correct?

Yes, that's all you need. You might want to use:

if_in="xl0"
if_out="xl1"

pass in on $if_in keep state
pass out on $if_out keep state

Gaby

-- 
Junkets for bunterish lickspittles since 1998!
http://weblog.vanhegan.net
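
Added example, not part of the original thread: pf evaluates the two pass rules independently, so `pass out on $if_out` also matches packets that did not arrive on `$if_in`, whereas the iptables FORWARD rule matches only packets crossing that interface pair. One way to tie the two rules together is pf's packet tagging. The tag name FWD_IN and the `block all` default policy are assumptions of this example; the interface names are the ones from the reply.

```pf
# pf.conf fragment (constructed example)
if_in  = "xl0"
if_out = "xl1"

# Assumed default policy: drop anything no later rule passes.
block all

# Mark packets as they enter on the inside interface.
# FWD_IN is a hypothetical tag name.
pass in on $if_in tag FWD_IN keep state

# Only let packets out on the outside interface if they carry that tag,
# i.e. they entered on $if_in. Locally generated traffic and packets
# forwarded from any other interface are not matched by this rule.
pass out on $if_out tagged FWD_IN keep state
```

After loading, `pfctl -sr` lists the rules as pf parsed them, and `pfctl -ss` shows the state entries created on each interface.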