Date:      Thu, 13 Dec 2007 22:07:00 +0000
From:      RW <fbsd06@mlists.homeunix.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: PF blocking even if set to pass all
Message-ID:  <20071213220700.2fb3a962@gumby.homeunix.com.>
In-Reply-To: <47619345.8000400@locolomo.org>
References:  <2949641c0712130319p3da37aeci92987c64516dabef@mail.gmail.com> <20071213132535.194adf58.ghirai@ghirai.com> <47619345.8000400@locolomo.org>

On Thu, 13 Dec 2007 21:17:09 +0100
Erik Norgaard <norgaard@locolomo.org> wrote:


> I think it is possible to set a default rule, which for security
> should be block, which means that any packet that falls through your
> rule set will be blocked. 

I'm not aware that there is; the FAQ suggests having

block in  all
block out all

at the top.

> Therefore, you should have "pass quick".

With PF the last rule to be hit will be used, which means the default
is normally applied at the beginning and then overridden. You don't
need quick to avoid dropping off the bottom of the rules, unless you
are trying to replicate an IPFW script in PF.
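
A minimal model of the two evaluation orders contrasted in this message, added here as an example and not part of the original e-mail. `Rule`, `pf_decide`, `first_match_decide`, the sample ruleset and the sample packets are constructed for illustration; the model ignores state, addresses and interfaces, and the first-match default of "block" is an assumption.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "block"
    direction: str                # "in" or "out"
    proto: Optional[str] = None   # None matches any protocol
    port: Optional[int] = None    # None matches any destination port
    quick: bool = False           # PF "quick": stop evaluating on match

    def matches(self, pkt):
        return (self.direction == pkt["dir"]
                and self.proto in (None, pkt["proto"])
                and self.port in (None, pkt["port"]))


def pf_decide(rules, pkt):
    """PF-style: the last matching rule wins; a matching quick rule ends evaluation."""
    verdict = "pass"  # PF passes a packet that matches no rule at all
    for rule in rules:
        if rule.matches(pkt):
            verdict = rule.action
            if rule.quick:
                break
    return verdict


def first_match_decide(rules, pkt, default="block"):
    """First-match evaluation, as in a script written for a first-match firewall."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default  # assumed default for this model


# Constructed ruleset: blanket blocks at the top, then the exceptions.
RULES = [
    Rule("block", "in"),
    Rule("block", "out"),
    Rule("pass", "in", "tcp", 22),
    Rule("pass", "out"),
]
# Same exception, but the blanket block is marked quick, so it is never reached.
RULES_QUICK_BLOCK = [Rule("block", "in", quick=True), Rule("pass", "in", "tcp", 22)]

SSH_IN = {"dir": "in", "proto": "tcp", "port": 22}      # constructed packets
TELNET_IN = {"dir": "in", "proto": "tcp", "port": 23}
DNS_OUT = {"dir": "out", "proto": "udp", "port": 53}
```

Under last-match evaluation the blanket blocks at the top act as the default and the later `pass` rules override them without `quick`; the same list read first-match blocks everything.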


