
Re: RDR rule for ftp-proxy

On Mon, Nov 08, 2004 at 05:21:46PM -0500, Maat, Steve wrote:
> rdr on em0 proto tcp \ 
> 	from { ! , } \
> 	to any port 21 -> port 8021
This is a frequently asked question, which the FAQ didn't answer so far;
the following paragraph was just added:
   Beware of constructs like the following, dubbed "negated lists", which
   are a common mistake:
     pass in on fxp0 from {, ! }
   While the intended meaning is usually to match "any address within, except for", the rule expands to:
     pass in on fxp0 from
     pass in on fxp0 from !
   which matches any possible address. Instead, a table should be used. 
Let me know if this doesn't clear things up completely, as in that case
the FAQ needs adjusting, too ;)
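Added example (written for this page; it is not code from the original message or from the PF FAQ): a small Python simulation of the two behaviours the FAQ paragraph contrasts. `expand_list` mimics how pf expands a brace list into one rule per element, so `{ A, ! B }` becomes a rule for `A` and a rule for `! B`, and `Table` mimics pf table lookup, where the longest matching prefix decides and a `!` entry excludes what it covers. The addresses (`10.0.0.0/8`, `10.1.2.3`, `192.168.1.1`, `10.5.5.5`) are constructed placeholders, since the addresses in the original message did not survive; the regexes are deliberately minimal and only handle the `from <host>` clause used here.

```python
"""Simulate pf's brace-list expansion versus table lookup.

Illustrative code only, not PF's parser. All addresses are constructed
placeholders for the ones elided in the original message.
"""
import ipaddress
import re


def expand_list(rule):
    """Expand a single { a, b, ... } list the way pf does: one rule per element."""
    m = re.search(r"\{([^}]*)\}", rule)
    if not m:
        return [rule]
    elements = [e.strip() for e in m.group(1).split(",") if e.strip()]
    return [rule[:m.start()] + e + rule[m.end():] for e in elements]


def parse_host(spec):
    """Return (negated, network) for 'a.b.c.d[/nn]' or '! a.b.c.d[/nn]'."""
    spec = spec.strip()
    negated = spec.startswith("!")
    if negated:
        spec = spec[1:].strip()
    return negated, ipaddress.ip_network(spec, strict=False)


def rule_matches(rule, addr):
    """Does the 'from <host>' clause of one expanded rule match addr?"""
    m = re.search(r"\bfrom\s+(!?\s*[\d./]+)", rule)
    negated, net = parse_host(m.group(1))
    inside = ipaddress.ip_address(addr) in net
    # '! X' matches exactly the addresses that are not in X.
    return inside != negated


def any_rule_matches(rules, addr):
    """Both expanded rules are pass rules, so the packet passes if either matches
    (pf's last-match evaluation does not change the outcome here)."""
    return any(rule_matches(r, addr) for r in rules)


class Table:
    """pf table semantics: the longest matching prefix decides; a '!' entry
    excludes the addresses it covers from the table."""

    def __init__(self, entries):
        self.entries = [parse_host(e) for e in entries]

    def contains(self, addr):
        a = ipaddress.ip_address(addr)
        best = None
        for negated, net in self.entries:
            if a in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (negated, net)
        return best is not None and not best[0]


# The "negated list" mistake from the FAQ, with constructed addresses.
NEGATED_LIST_RULE = "pass in on fxp0 from { 10.0.0.0/8, ! 10.1.2.3 }"
EXPANDED = expand_list(NEGATED_LIST_RULE)

# The intended meaning, expressed as a table instead.
GOOD_HOSTS = Table(["10.0.0.0/8", "! 10.1.2.3"])

if __name__ == "__main__":
    for r in EXPANDED:
        print(r)
    for ip in ("10.5.5.5", "10.1.2.3", "192.168.1.1"):
        print(ip, "list passes:", any_rule_matches(EXPANDED, ip),
              "table passes:", GOOD_HOSTS.contains(ip))
```

Running it prints the two expanded rules and shows that the list form passes all three sample addresses, including the one meant to be excluded and one entirely outside the network, while the table form passes only `10.5.5.5`.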