diff options
author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2003-02-01 14:37:05 +0000 |
---|---|---|
committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2003-02-01 14:37:05 +0000 |
commit | 382729a327736afd1eb25a08001773fe12139f0d (patch) | |
tree | bf7eb538e498cc8bc172c52d4915a0998dddacde /share | |
parent | 427ea2b4886eb9fa73fc0c15359184494c63bb6e (diff) |
The network interface is not mandatory for translation rules.
ok dhartmei@
Diffstat (limited to 'share')
-rw-r--r-- | share/man/man5/pf.conf.5 | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 7c86ae8dd99..c5899720266 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.172 2003/01/30 15:05:37 henning Exp $ +.\" $OpenBSD: pf.conf.5,v 1.173 2003/02/01 14:37:04 mcbride Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -721,7 +721,8 @@ therefore rules for redirected packets should specify the address and port after translation. .Pp Translation rules apply only to packets that pass through -the specified interface. +the specified interface, and if no interface is specified, +translation is applied to packets on all interfaces. For instance, redirecting port 80 on an external interface to an internal web server will only work for connections originating from the outside. Connections to the address of the external interface from local hosts will @@ -1849,17 +1850,17 @@ filteropt = [ user ] | [ group ] | [ flags ] | [ max-mss number ] [ fragmentation ] [ allow-opts ] | [ label string ] | [ queue string ] -nat-rule = [ no ] nat on ifspec [ af ] [ protospec ] +nat-rule = [ no ] nat [ on ifspec ] [ af ] [ protospec ] from ipspec to ipspec [ portspec ] [ -> ( redirhost | { redirhost-list } ) [ portspec ] ] [ pooltype ] [ static-port ] -binat-rule = [ no ] binat on interface-name [ af ] +binat-rule = [ no ] binat [ on interface-name ] [ af ] [ proto ( proto-name | proto-number ) ] from address [ / mask-bits ] to ipspec [ -> address [ / mask-bits ] ] -rdr-rule = [ no ] rdr on ifspec [ af ] [ protospec ] +rdr-rule = [ no ] rdr [ on ifspec ] [ af ] [ protospec ] from ipspec to ipspec [ portspec ] [ -> ( redirhost | { redirhost-list } ) [ portspec ] ] [ pooltype ] |