From owner-freebsd-hackers Wed Apr 23 04:53:54 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id EAA25867 for hackers-outgoing; Wed, 23 Apr 1997 04:53:54 -0700 (PDT)
Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id EAA25862 for ; Wed, 23 Apr 1997 04:53:51 -0700 (PDT)
Message-Id: <199704231153.EAA25862@hub.freebsd.org>
Received: by cheops.anu.edu.au (1.37.109.16/16.2) id AA112225968; Wed, 23 Apr 1997 21:46:08 +1000
From: Darren Reed
Subject: Re: IPFILTER
To: chris@dilbert.bb.cc.wa.us (Chris Coleman)
Date: Wed, 23 Apr 1997 21:46:08 +1000 (EST)
Cc: avalon@coombs.anu.edu.au, hackers@freebsd.org
In-Reply-To: from "Chris Coleman" at Apr 22, 97 02:04:59 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In some mail from Chris Coleman, sie said:
>
> I am running IPNAT and
> Currently I have this as the only rule in my rule set, so everyone comes
> back as the same person from the DNS.
>
> map fxp0 10.0.0.0/8 -> 208.8.136.10/32 portmap tcp/udp 10000:65000
>
> I would like to split up the domain into 5 sections (according to
> buildings) and map all the buildings separately to different IP addresses.
> And have the last rule catch all of the other connections and run them
> through current IP address.
>
> I tried to do this, but couldn't figure out how to make a rule to "catch
> all" of the remaining ones. Do rules have precedence? What if I just
> want to map one IP address to a specific IP address and catch all the
> rest through the normal rules?

Rules are parsed, top to bottom. So if you put your "catch-all" last,
it will work.

Darren
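
The ordering point in the reply above, as an added example that is not part of the original message: a small Python model of top-to-bottom selection over `map` rules, plus a check for rules hidden behind an earlier, broader rule. It assumes the first matching rule wins and reads only the source network and target address from each line; the per-building subnets, the single-host rule and the 192.0.2.x targets are constructed, and only the final catch-all line is taken from the thread.

```python
import ipaddress

# Constructed rule set: one host, two buildings, then the thread's catch-all last.
GOOD_ORDER = """\
map fxp0 10.9.9.9/32 -> 192.0.2.19/32 portmap tcp/udp 10000:65000
map fxp0 10.1.0.0/16 -> 192.0.2.11/32 portmap tcp/udp 10000:65000
map fxp0 10.2.0.0/16 -> 192.0.2.12/32 portmap tcp/udp 10000:65000
map fxp0 10.0.0.0/8 -> 208.8.136.10/32 portmap tcp/udp 10000:65000
"""
# Same rules with the catch-all moved to the top (the ordering to avoid).
_lines = GOOD_ORDER.splitlines()
BAD_ORDER = "\n".join([_lines[-1]] + _lines[:-1])


def parse_map_rules(text):
    """Return [(line_no, source_network, target_address)] for each map rule."""
    rules = []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] != "map" or fields[3] != "->":
            continue  # not a "map <if> <src> -> <dst>" line
        source = ipaddress.ip_network(fields[2])
        rules.append((line_no, source, fields[4].split("/")[0]))
    return rules


def translate(rules, src_ip):
    """Assumed semantics: the first rule containing src_ip wins; None if none match."""
    addr = ipaddress.ip_address(src_ip)
    for _, source, target in rules:
        if addr in source:
            return target
    return None


def shadowed(rules):
    """Line numbers of rules fully covered by an earlier rule, so never reached."""
    hidden = []
    for i, (line_no, source, _) in enumerate(rules):
        if any(source.subnet_of(earlier) for _, earlier, _ in rules[:i]):
            hidden.append(line_no)
    return hidden


if __name__ == "__main__":
    for name, text in (("catch-all last", GOOD_ORDER), ("catch-all first", BAD_ORDER)):
        rules = parse_map_rules(text)
        print(name, translate(rules, "10.1.4.7"), "shadowed lines:", shadowed(rules))
```
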