* Harald Dunkel <[email protected]> [2011-01-20 11:55]:
> are the rdr-to and nat-to options in "pass" rules as sticky
> as for "match" rules?
no. as outlined in the manpage.
> Of course I checked the man page, but it didn't tell.
blasphemia. of course it does.
     match
           The packet is matched.  This mechanism is used to provide fine
           grained filtering without altering the block/pass state of a
           packet.  match rules differ from block and pass rules in that
           parameters are set every time a packet matches the rule, not only
           on the last matching rule.  For the following parameters, this
           means that the parameter effectively becomes ``sticky'' until
           explicitly overridden: nat-to, binat-to, rdr-to, queue, rtable, and
           scrub.

           log is different still, in that the action happens every time a
           rule matches i.e. a single packet can get logged more than once.
--
Henning Brauer, [email protected], [email protected]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
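
The difference the quoted man page text describes, as an added pf.conf fragment that is not part of the original message. The macros, interface name and addresses are assumptions chosen for illustration; the comments follow the man page wording above.

```conf
# Constructed example values (assumptions, not from the thread)
ext_if = "em0"
lan    = "10.0.0.0/24"

# Case 1: nat-to on a match rule.
# The parameter is set as soon as the packet matches this rule and stays
# set ("sticky") while later rules are evaluated.
match out on $ext_if inet proto tcp from $lan nat-to ($ext_if)

# Last matching rule for outbound web traffic. It carries no nat-to of
# its own, but the translation set by the match rule above still applies.
pass out on $ext_if inet proto tcp to port { 80 443 }

# Case 2: nat-to on a pass rule.
# For pass rules, parameters are taken only from the last matching rule.
pass out on $ext_if inet proto udp from $lan nat-to ($ext_if)

# A DNS query from $lan matches both udp rules. This one is the last
# match and has no nat-to, so the nat-to on the rule above is not
# carried over and the packet is passed untranslated.
pass out on $ext_if inet proto udp to port 53

# To keep the translation for DNS as well, either repeat nat-to on the
# last matching pass rule or move it to a match rule as in case 1:
#   match out on $ext_if inet proto udp from $lan nat-to ($ext_if)
```

`pfctl -nf` on the file checks the syntax without loading the ruleset.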