* Harald Dunkel <harald.dun...@aixigo.de> [2011-01-19 16:16]:
> On 01/18/11 19:06, Henning Brauer wrote:
> >> Harald Dunkel wrote on Tue, Jan 18, 2011 at 04:41:39PM +0100:
> >>
> >>> pf.conf(5) says
> >>>
> >>>    In the example below, packets bound for one specific server, as well as
> >>>    those generated by the sysadmins are not proxied; all other connections
> >>>    are.
> >>>
> >>>    match in on $int_if proto { tcp, udp } from any to any port 80 \
> >>>          rdr-to 127.0.0.1 port 80
> >>>    pass in on $int_if proto { tcp, udp } from any to $server port 80
> >>>    pass in on $int_if proto { tcp, udp } from $sysadmins to any port 80
> >>>
> [snip]
> >
> > that doesn't contradict the OP at all. match rdr-to is indeed sticky
> > and the example flawed. replacing the match with pass would make it
> > work.
> >
>
> Assuming I would keep the match statement:
>
> Is there some "no-rdr" option for the pass rules to override
> the redirection defined in the match?

no. it can be overridden, but there's no way to "un-do" the redirection.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
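
The ruleset discussed in this thread, written out as an added example (not part of either message and not taken from pf.conf(5)). The macro values and the default-deny line are constructed assumptions, and Variant B is one way to keep the match statement that goes beyond what the thread states.

```conf
# Constructed sample values; the thread does not define these macros.
int_if    = "em0"
server    = "192.0.2.10"
sysadmins = "{ 192.0.2.21, 192.0.2.22 }"

# Assumed default-deny policy on the internal interface.
block in on $int_if

# Flawed form quoted in the thread, left commented out.
# A match rule applies its rdr-to every time it matches, so the
# redirection sticks and the two pass rules below cannot undo it.
# match in on $int_if proto { tcp, udp } from any to any port 80 \
#       rdr-to 127.0.0.1 port 80
# pass in on $int_if proto { tcp, udp } from any to $server port 80
# pass in on $int_if proto { tcp, udp } from $sysadmins to any port 80

# Variant A: the fix named in the thread, match replaced with pass.
# Among pass rules only the last matching rule decides, so traffic to
# $server or from $sysadmins is governed by a rule without rdr-to and
# is not proxied. Everything else on port 80 is redirected.
pass in on $int_if proto { tcp, udp } from any to any port 80 \
      rdr-to 127.0.0.1 port 80
pass in on $int_if proto { tcp, udp } from any to $server port 80
pass in on $int_if proto { tcp, udp } from $sysadmins to any port 80

# Variant B (alternative to A, use one or the other): keep the match
# rule but let the exemptions end evaluation first with "quick", so
# the match rule is never evaluated for them.
# pass in quick on $int_if proto { tcp, udp } from any to $server port 80
# pass in quick on $int_if proto { tcp, udp } from $sysadmins to any port 80
# match in on $int_if proto { tcp, udp } from any to any port 80 \
#       rdr-to 127.0.0.1 port 80
# pass in on $int_if proto { tcp, udp } from any to any port 80
```

`pfctl -nf` on the file parses it without loading it. After loading, `pfctl -ss` during a test connection shows whether the state points at 127.0.0.1 or at the original destination.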