From owner-freebsd-pf@FreeBSD.ORG Fri May 11 15:48:14 2007 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 80F1F16A400 for ; Fri, 11 May 2007 15:48:14 +0000 (UTC) (envelope-from drew@mykitchentable.net) Received: from qsmtp1.mc.surewest.net (qsmtp.mc.surewest.net [66.60.130.145]) by mx1.freebsd.org (Postfix) with SMTP id 4C59B13C4B9 for ; Fri, 11 May 2007 15:48:14 +0000 (UTC) (envelope-from drew@mykitchentable.net) Received: (qmail 27223 invoked from network); 11 May 2007 08:48:13 -0700 Received: by simscan 1.1.0 ppid: 27200, pid: 27201, t: 4.2208s scanners: regex: 1.1.0 attach: 1.1.0 clamav: 0.90.1/m:43 spam: 3.1.7-deb Received: from unknown (HELO blacklamb.mykitchentable.net) (66.205.146.210) by qsmtp1 with SMTP; 11 May 2007 08:48:09 -0700 Received: from [192.168.1.3] (bigdaddy.mykitchentable.net [192.168.1.3]) by blacklamb.mykitchentable.net (Postfix) with ESMTP id ED130164B88; Fri, 11 May 2007 08:48:08 -0700 (PDT) Message-ID: <46449028.8010507@mykitchentable.net> Date: Fri, 11 May 2007 08:47:52 -0700 From: Drew Tomlinson User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Chris Smith References: <4619226E.1030105@mykitchentable.net> <46193097.2040303@mykitchentable.net> <200705020945.39102.bsd782@chrissmith.org> In-Reply-To: <200705020945.39102.bsd782@chrissmith.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on qsmtp1.surewest.net X-Spam-Level: X-Spam-Status: No, score=-0.3 required=5.0 tests=AWL,BAYES_00, RCVD_IN_SORBS_DUL autolearn=no version=3.0.3 Cc: freebsd-pf@freebsd.org Subject: Re: pf and ALTQ - I Don't Understand X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 May 2007 15:48:14 -0000 On 5/2/2007 6:45 AM Chris Smith said the following: >On Sunday 08 April 2007, Drew Tomlinson wrote: > > >>OK, I've done some more digging and maybe I understand now. I was >>missing the fact that NAT occurs BEFORE filtering >> >> > >Why not tag the packets? > >Chris > OK, why not? :) I looked through the pf manual and read the section on packet tagging. This seems to do what I need and appears to be working for me. Thanks, Drew -- Be a Great Magician! Visit The Alchemist's Warehouse http://www.alchemistswarehouse.com