Date:      Thu, 03 Jan 2008 11:12:04 -0500
From:      Mike Tancsa <mike@sentex.net>
To:        David DeSimone <fox@verio.net>, freebsd-pf@freebsd.org
Subject:   Re: use of ! in nat broken ?
Message-ID:  <200801031610.m03G9xNS011967@lava.sentex.ca>
In-Reply-To: <20080103040942.GD10272@verio.net>
References:  <200801022126.m02LQ815007027@lava.sentex.ca> <20080103040942.GD10272@verio.net>

At 11:09 PM 1/2/2008, David DeSimone wrote:

>The mistake you're making here is to consider pf's syntax to be a
>combined AND'd statement of boolean logic, which it is not.  It is
>really just simple macro expansion, which does not equate to the same
>thing.

Thanks for the detailed explanation! Reading it that way makes sense 
to me now.  I am trying to think which is more readable in general 
and I think the table syntax is perhaps the best.  It does seem to 
treat it in a way that's slightly more intuitive (for me anyways) in 
that I have one nat statement that applies to "those who I want to 
NAT", and the boolean logic applied in the table definition is readable enough.


table <204network> {!$server1,!$server2,$internal204}

nat on $ext_if from <204network>  to any -> $officepublicIP

Thanks again,

         ---Mike 
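
Added example, not part of the original message: a small Python model of the difference discussed in this thread, where a brace list with negated elements expands into one rule per element while a table is a single lookup decided by the most specific entry. The addresses standing in for $server1, $server2 and $internal204 are constructed; the thread does not give the real values.

```python
import ipaddress

# Constructed sample values; the thread does not give the real macro values.
SERVER1 = "192.0.2.10"
SERVER2 = "192.0.2.20"
INTERNAL204 = "192.0.2.0/24"
ENTRIES = ["!" + SERVER1, "!" + SERVER2, INTERNAL204]


def parse(entry):
    """Return (negated, network) for an entry such as '!192.0.2.10'."""
    negated = entry.startswith("!")
    return negated, ipaddress.ip_network(entry.lstrip("!"))


def list_matches(addr, entries=ENTRIES):
    """Brace list: one nat rule per element; translated if any rule matches."""
    ip = ipaddress.ip_address(addr)
    for negated, net in map(parse, entries):
        # A negated element matches every address outside its network.
        if (ip in net) != negated:
            return True
    return False


def table_matches(addr, entries=ENTRIES):
    """Table: the most specific entry containing the address decides;
    if that entry is negated, the lookup does not match."""
    ip = ipaddress.ip_address(addr)
    best = None
    for negated, net in map(parse, entries):
        if ip in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (negated, net)
    return best is not None and not best[0]


def compare(addrs):
    """Map each address to (matched as list, matched as table)."""
    return {a: (list_matches(a), table_matches(a)) for a in addrs}


if __name__ == "__main__":
    sample = [SERVER1, SERVER2, "192.0.2.55", "198.51.100.7"]
    for addr, (as_list, as_table) in compare(sample).items():
        print(f"{addr:15} list={as_list!s:5} table={as_table}")
```

In the list model every source address is translated, including both servers and hosts outside the internal network; in the table model only the internal hosts other than the two servers are.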



