Date: Fri, 8 Jan 2010 10:31:18 +0000 From: Peter Maxwell <peter@allicient.co.uk> To: Olivier Thibault <Olivier.Thibault@lmpt.univ-tours.fr> Cc: freebsd-pf@freebsd.org Subject: Re: freebsd 8 Message-ID: <7731938b1001080231p75e6ee17g59c8fbacda90d983@mail.gmail.com> In-Reply-To: <4B46EAA2.5050904@lmpt.univ-tours.fr> References: <40fc01eb1001071427g335634c9u1ffa8aacba1360f3@mail.gmail.com> <4B46EAA2.5050904@lmpt.univ-tours.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
2010/1/8 Olivier Thibault <Olivier.Thibault@lmpt.univ-tours.fr>: >> # keep stats of outging connections >> pass out keep state > > This rule allows everything out and next outgoing rules won't be checked as > this one first match. That's incorrect, pf does the opposite and uses the *last* match - at least that's what the documentation says... http://www.openbsd.org/faq/pf/filter.html The quick keyword is used for shortcut evaluation.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7731938b1001080231p75e6ee17g59c8fbacda90d983>