
RE: RDR rule for ftp-proxy

Clears things up. Moved list to a table and all works as expected.
-----Original Message-----
From: Daniel Hartmeier [mailto:[email protected]] 
Sent: Monday, November 08, 2004 8:43 PM
To: Maat, Steve
Cc: [email protected]
Subject: Re: RDR rule for ftp-proxy
On Mon, Nov 08, 2004 at 05:21:46PM -0500, Maat, Steve wrote:
> rdr on em0 proto tcp \ 
> 	from { ! , } \
> 	to any port 21 -> port 8021
This is a frequently asked question, which the FAQ didn't answer so far;
the following paragraph was just added:
   Beware of constructs like the following, dubbed "negated lists",
   which are a common mistake:
     pass in on fxp0 from {, ! }
   While the intended meaning is usually to match "any address within, except for", the rule expands to:
     pass in on fxp0 from
     pass in on fxp0 from !
   which matches any possible address. Instead, a table should be used. 
Let me know if this doesn't clear things up completely, as in that case
the FAQ needs adjusting, too ;)
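The expansion Daniel describes can be checked without a pf box. The script below is an added illustration, not code from this thread or from the pf project: it models how pfctl expands a `{ a, !b }` list into one rule per element, shows that any source address then matches at least one of the expanded rules, and contrasts that with table semantics, where the most specific entry wins and a `!` entry means "not in the table". The addresses (192.0.2.0/24 as the network, 192.0.2.5 as the excluded host, 203.0.113.7 as an outsider) are constructed RFC 5737 documentation values, since the original rule's addresses are not on the page.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed sample values (RFC 5737 documentation ranges); the real
# addresses from the quoted rdr rule are not on the page.
NETWORK = "192.0.2.0/24"
EXCLUDED_HOST = "192.0.2.5"
OUTSIDER = "203.0.113.7"
NEGATED_LIST = "{ %s, !%s }" % (NETWORK, EXCLUDED_HOST)

Entry = Tuple[bool, ipaddress.IPv4Network]  # (negated, network)


def parse_entry(entry: str) -> Entry:
    """Parse one '[!]address[/prefix]' element into (negated, network)."""
    entry = entry.strip()
    negated = entry.startswith("!")
    if negated:
        entry = entry[1:].strip()
    return negated, ipaddress.ip_network(entry, strict=False)


def parse_list(spec: str) -> List[Entry]:
    """Parse '{ a, !b }' into its elements (pf accepts commas or whitespace)."""
    inner = spec.strip().strip("{}")
    return [parse_entry(e) for e in inner.replace(",", " ").split()]


def fmt(net: ipaddress.IPv4Network) -> str:
    """Print a host entry without its /32, the way pfctl shows it."""
    if net.prefixlen == net.max_prefixlen:
        return str(net.network_address)
    return str(net)


def expand_list_rule(template: str, spec: str) -> List[str]:
    """Expand a rule whose 'from' argument is a list the way pfctl does:
    one rule per element, each element keeping its own '!'."""
    rules = []
    for negated, net in parse_list(spec):
        addr = ("! " if negated else "") + fmt(net)
        rules.append(template.format(addr=addr))
    return rules


def list_matches(spec: str, src: str) -> bool:
    """Negated-list semantics: the packet matches the expanded rule set if
    ANY expanded rule matches. A plain element matches when the address is
    inside its network; a '!' element matches when it is outside."""
    ip = ipaddress.ip_address(src)
    for negated, net in parse_list(spec):
        if (ip in net) != negated:
            return True
    return False


def table_matches(spec: str, src: str) -> bool:
    """Table semantics: the most specific (longest-prefix) entry containing
    the address decides, and a '!' entry excludes the address."""
    ip = ipaddress.ip_address(src)
    best: Optional[Entry] = None
    for negated, net in parse_list(spec):
        if ip in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (negated, net)
    return best is not None and not best[0]


if __name__ == "__main__":
    for rule in expand_list_rule("pass in on fxp0 from {addr}", NEGATED_LIST):
        print(rule)
    for src in (NETWORK.split("/")[0], EXCLUDED_HOST, OUTSIDER):
        print(src, "list:", list_matches(NEGATED_LIST, src),
              "table:", table_matches(NEGATED_LIST, src))
```

With the list, both the excluded host and the outsider still match (each hits one of the two expanded rules), which is the "matches any possible address" outcome from the FAQ text. With the table, only addresses inside the network that are not the excluded host match. In pf.conf terms, assuming the proxy listens on 127.0.0.1 (an assumption, since the redirect target is not on the page), the table form is `table <ftp_clients> { 192.0.2.0/24, !192.0.2.5 }` followed by `rdr on em0 proto tcp from <ftp_clients> to any port 21 -> 127.0.0.1 port 8021`, and `pfctl -t ftp_clients -T test 192.0.2.5` confirms on a live system which entry an address resolves to.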