Change history
Correction by iZEN (current version):
man pf.conf
tag <string>
Packets matching this rule will be tagged with the specified string. The tag acts as an internal marker that can be used to identify these packets later on. This can be used, for example, to provide trust between interfaces and to determine if packets have been processed by translation rules. Tags are "sticky", meaning that the packet will be tagged even if the rule is not the last matching rule. Further matching rules can replace the tag with a new one but will not remove a previously applied tag. A packet is only ever assigned one tag at a time. Packet tagging can be done during nat, rdr, or binat rules in addition to filter rules. Tags take the same macros as labels (see above).
tagged <string>
Used with filter, translation or scrub rules to specify that packets must already be tagged with the given tag in order to match the rule. Inverse tag matching can also be done by specifying the ! operator before the tagged keyword.
# Packet Tagging
# three interfaces: $int_if, $ext_if, and $wifi_if (wireless). NAT is
# being done on $ext_if for all outgoing packets. tag packets in on
# $int_if and pass those tagged packets out on $ext_if. all other
# outgoing packets (i.e., packets from the wireless network) are only
# permitted to access port 80.
pass in on $int_if from any to any tag INTNET
pass in on $wifi_if from any to any
block out on $ext_if from any to any
pass out quick on $ext_if tagged INTNET
pass out on $ext_if proto tcp from any to any port 80
# tag incoming packets as they are redirected to spamd(8). use the tag
# to pass those packets through the packet filter.
rdr on $ext_if inet proto tcp from <spammers> to port smtp \
tag SPAMD -> 127.0.0.1 port spamd
block in on $ext_if
pass in on $ext_if inet proto tcp tagged SPAMD