From owner-freebsd-pf@FreeBSD.ORG  Fri Aug  5 07:25:05 2005
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4717D16A41F
	for <freebsd-pf@freebsd.org>; Fri,  5 Aug 2005 07:25:05 +0000 (GMT)
	(envelope-from dexter@ambidexter.com)
Received: from tortoise.way.lv (7.lmuza.lv [195.13.151.139])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 946D143D5C
	for <freebsd-pf@freebsd.org>; Fri,  5 Aug 2005 07:25:01 +0000 (GMT)
	(envelope-from dexter@ambidexter.com)
Received: from localhost (localhost [127.0.0.1])
	by tortoise.way.lv (Postfix) with ESMTP id BE13F1FED59
	for <freebsd-pf@freebsd.org>; Fri,  5 Aug 2005 10:24:28 +0300 (EEST)
Received: from tortoise.way.lv ([127.0.0.1])
	by localhost (tortoise [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 12113-08 for <freebsd-pf@freebsd.org>;
	Fri, 5 Aug 2005 10:24:22 +0300 (EEST)
Received: from [192.168.1.102] (unknown [213.175.79.146])
	by tortoise.way.lv (Postfix) with ESMTP id 25F0B1FED52
	for <freebsd-pf@freebsd.org>; Fri,  5 Aug 2005 10:24:22 +0300 (EEST)
Mime-Version: 1.0
Message-Id: <a06230952bf18c2585759@[192.168.1.102]>
Date: Fri, 5 Aug 2005 10:25:08 +0300
To: freebsd-pf@freebsd.org
From: Michael Dexter <dexter@ambidexter.com>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at way.lv
Subject: Can rdr rules include flags?
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Aug 2005 07:25:05 -0000


Hello,

This a general PF question but I am using it in the FreeBSD environment.

I am using an rdr rule to forward http traffic to a jail.

rdr pass on $ext_if inet proto tcp from any to $ext_if port 8080 -> 
$www_ad port 80

 From what I can tell, an accompanying "pass" entry such as the 
following is not needed and is perhaps ignored.

pass in on $ext_if inet proto tcp from any to $ext_if port 80 flags 
S/SA \ modulate state

Is there any way to apply flags to rdr traffic to limit protocols or ports?

Appreciated,

Michael.