Subject: PF operations on tables
To: None <tech-net@netbsd.org>
From: Mihai Chelaru <kefren@netbsd.ro>
List: tech-net
Date: 05/13/2007 11:45:35
Hi,
I made a PF patch[1] last night that supports a syntax like this:
block|pass .... OPER sometable
OPER may be add-src, del-src, add-dst or del-dst
I made it as a simple way to pass passive ftp to a server but you can do funny
things with it like I did here:
block in quick on bge0 inet proto tcp from any to any port = 35000 add-src firstauth
block in quick on bge0 inet proto tcp from <firstauth> to any port = 33333 add-src secondauth
pass in quick on bge0 inet proto tcp from <secondauth> to any port = ssh
block in quick on bge0 inet proto tcp from any to any port = ssh
block in quick on bge0 inet proto tcp from any to any port = 34000 del-src secondauth
block in quick on bge0 inet proto tcp from any to any port = 34001 del-src firstauth
Any opinions are welcome! (Please CC me)
[1] - http://kefren.netbsd.ro/pfoper.diff
--
Mihai Chelaru
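
Added example, not part of the original message or of the patch: a small Python model of the six rules above, useful for checking which packet sequences end up passing ssh. It assumes that a matching rule's add-src/del-src inserts or removes the packet's source address in the named table and that "quick" means first match wins; the function names and the sample addresses are constructed for illustration.

```python
# Toy model of the six-rule example from the message (illustration only).
# Assumptions: add-src/del-src act on the matching packet's source address,
# and every rule is "quick", so the first matching rule decides the verdict.
from ipaddress import ip_address

SSH = 22  # "port = ssh" in the rules

# (action, required source table or None, dst port, table op, table name)
RULES = [
    ("block", None,         35000, "add-src", "firstauth"),
    ("block", "firstauth",  33333, "add-src", "secondauth"),
    ("pass",  "secondauth", SSH,   None,      None),
    ("block", None,         SSH,   None,      None),
    ("block", None,         34000, "del-src", "secondauth"),
    ("block", None,         34001, "del-src", "firstauth"),
]


def new_tables():
    return {"firstauth": set(), "secondauth": set()}


def evaluate(tables, src, dport):
    """Return the verdict for one inbound TCP packet and apply any table op."""
    addr = ip_address(src)
    for action, from_table, port, oper, table in RULES:
        if port != dport:
            continue
        if from_table is not None and addr not in tables[from_table]:
            continue
        if oper == "add-src":
            tables[table].add(addr)
        elif oper == "del-src":
            tables[table].discard(addr)
        return action
    return "no-match"  # left to whatever default the rest of the ruleset has


def replay(packets, tables=None):
    """Run (src, dport) pairs through the rules; return (verdicts, tables)."""
    tables = new_tables() if tables is None else tables
    return [evaluate(tables, s, p) for s, p in packets], tables


if __name__ == "__main__":
    # Constructed sample traffic from a documentation address.
    knock = [("192.0.2.10", p) for p in (22, 35000, 33333, 22, 34000, 22)]
    verdicts, _ = replay(knock)
    for (src, port), verdict in zip(knock, verdicts):
        print(f"{src} -> :{port:<5} {verdict}")
```

In this model, port 34000 alone leaves the address in firstauth, so one more packet to 33333 re-opens ssh; closing out fully takes both 34000 and 34001.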