On Mon, Mar 17, 2014 at 09:53:43PM -0300, Friedrich Locke wrote:
> Hi folks.
>
> I am studying obsd pf and saw there are no more nat rules and rdr rules the
> old way.

Yes, this changed with OpenBSD 4.7, in 2010. The change is documented in
the 4.7 Upgrade Guide:

http://www.openbsd.org/faq/upgrade47.html

This will help you understand how to migrate your older systems to 2010
and later implementations of PF.

> Now it is nat-to and rdr-to. What is the motivation for "match" rule ?

This allows global options to be set. From pf.conf(5):

     match
           The packet is matched.  This mechanism is used to provide fine
           grained filtering without altering the block/pass state of a
           packet.  match rules differ from block and pass rules in that
           parameters are set every time a packet matches the rule, not
           only on the last matching rule.  For the following parameters,
           this means that the parameter effectively becomes ``sticky''
           until explicitly overridden: nat-to, binat-to, rdr-to, queue,
           rtable, and scrub.
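
The migration discussed above, as an added pf.conf example that is not part of the original thread: pre-4.7 nat/rdr rules next to their match equivalents, with the pass rules that still make the filtering decision. Interface names and addresses are constructed assumptions.

```pf
# Constructed example; interface names and addresses are assumptions.
ext_if  = "em0"
int_if  = "em1"
int_net = "10.0.0.0/24"
web_srv = "10.0.0.10"

# Pre-4.7 syntax (no longer accepted), shown for comparison:
#   nat on $ext_if from $int_net to any -> ($ext_if)
#   rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $web_srv

# 4.7 and later: translation is a parameter on match (or pass) rules.
# match leaves the block/pass decision alone; it only sets nat-to/rdr-to,
# which stay in effect for the packet until a later matching rule
# explicitly overrides them.
match out on $ext_if inet from $int_net to any nat-to ($ext_if)
match in  on $ext_if inet proto tcp from any to ($ext_if) port 80 rdr-to $web_srv

# Filtering is decided only by block/pass; the last matching rule wins.
block all

# LAN side: let internal hosts in, and let redirected web traffic
# out to the server.
pass in  on $int_if inet from $int_net to any
pass out on $int_if inet proto tcp from any to $web_srv port 80

# Rules after a translating match see the packet with its translated
# addresses. Outbound packets here already carry the ($ext_if) source,
# so this rule does not filter on $int_net.
pass out on $ext_if inet

# Likewise the inbound rule names the internal server, not ($ext_if).
pass in on $ext_if inet proto tcp from any to $web_srv port 80
```

Parse the file with `pfctl -nf /etc/pf.conf` before loading it; `-n` checks the syntax without touching the running ruleset.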