On Mon, Nov 21, 2016 at 10:43:17AM -0500, Kenneth Gober wrote:
> I get the impression that route-to is applied when a packet enters the
> router, e.g. as part of a "pass in" rule, and that it is used to forcibly
> direct the packet to a particular interface for "pass out" rather than
> relying on the default routing table for the entry interface.
>
> This means that if the "pass out" rule is the first time you are seeing the
> packet (i.e. because it originated from the router itself) then the routing
> decision has already been made and it is now too late to route again.

route-to takes effect when a state is created by a matched rule.
It is possible to use route-to on 'pass out' rules (at least, over here,
it works :)