* Claudio Jeker <[email protected]> [2009-11-13 18:19]: > > nat-to and rdr-to on pass rules are only applied if it is the last > > matching rule. for match rules they're always applied. > Maybe something like this. The result are that you need to have a > "pass tagged FTPTAG" rule after the anchor (or one rule per direction) or > the traffic may be blocked.
we could add a "pass tagged FTPTAG" rule in that case, or just document the fact. the assumption is that you want to do something with the packets afterwards if you are tagging, so i tend to "just document". -- Henning Brauer, [email protected], [email protected] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
