This is a patch to update the FAQ at
http://www.openbsd.org/faq/pf/tagging.html with the nat syntax changes
introduced in 4.7 (http://openbsd.org/faq/upgrade47.html#newPFnat):

$ diff -ub tagging.html.bak tagging.html
--- tagging.html.bak    2011-11-03 17:40:01.596053714 -0500
+++ tagging.html        2011-11-03 17:47:07.696539268 -0500
@@ -199,7 +199,7 @@
 <blockquote>
 <tt>
 block all<br>
-pass out on $ext_if tag LAN_INET_NAT tagged LAN_INET nat-to ($ext_if)<br>
+match out on $ext_if tag LAN_INET_NAT tagged LAN_INET nat-to ($ext_if)<br>
 pass in on $int_if from $int_net tag LAN_INET<br>
 pass in on $int_if from $int_net to $dmz_net tag LAN_DMZ<br>
 pass in on $ext_if proto tcp to $www_server port 80 tag INET_DMZ<br>
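Review bot: the replacement "match out on $ext_if ... nat-to ($ext_if)" line no longer passes traffic by itself, and the only rule ahead of it in this hunk is "block all". A match rule applies its tag and nat-to options but leaves the pass/block decision to other rules, so the example now depends on a separate rule that passes packets tagged LAN_INET_NAT out on $ext_if. No such rule is visible in this hunk. Please confirm the page has one further down, or add a "pass out on $ext_if tagged LAN_INET_NAT" rule next to the match so the example does not silently drop the LAN's outbound traffic.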
@@ -256,7 +256,7 @@
 # classification -- classify packets based on the defined firewall
 # policy.
 block all
-pass out on $ext_if tag LAN_INET_NAT tagged LAN_INET nat-to ($ext_if)<br>
+match out on $ext_if tag LAN_INET_NAT tagged LAN_INET nat-to ($ext_if)<br>
 pass in on $int_if from $int_net tag LAN_INET<br>
 pass in on $int_if from $int_net to $dmz_net tag LAN_DMZ<br>
 pass in on $ext_if proto tcp to $www_server port 80 tag INET_DMZ
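Review bot: the new "match out" line in this hunk carries a trailing "<br>", while "block all" directly above it and the final "pass in on $ext_if proto tcp to $www_server port 80 tag INET_DMZ" line have none. If this block is rendered preformatted, the mixed markup is worth cleaning up while the line is being touched: drop the "<br>" from the added line, or make the whole block consistent. The point raised on the first hunk applies here as well, since the same match rule again follows "block all" with no pass rule for LAN_INET_NAT in the visible lines.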

There is a rule on the page that may also require changes:

pass in on $ext_if proto tcp from <spamd> to port smtp \
   tag SPAMD rdr-to 127.0.0.1 port 8025

I'm not familiar enough with rdr-to to know if this requires changes.
Based on my reading it does not appear to require a change, but
someone needs to check me on this.

Axton Grams
