From owner-freebsd-pf@FreeBSD.ORG Fri Jan 8 10:38:38 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7ED85106566B for ; Fri, 8 Jan 2010 10:38:38 +0000 (UTC) (envelope-from Olivier.Thibault@lmpt.univ-tours.fr) Received: from mailhost.lmpt.univ-tours.fr (mailhost.lmpt.univ-tours.fr [193.52.212.1]) by mx1.freebsd.org (Postfix) with ESMTP id 345EC8FC0C for ; Fri, 8 Jan 2010 10:38:38 +0000 (UTC) Received: from mailhost.lmpt.univ-tours.fr (localhost [127.0.0.1]) by mailhost.lmpt.univ-tours.fr (Postfix) with ESMTP id 95067DB05F for ; Fri, 8 Jan 2010 11:38:36 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d= lmpt.univ-tours.fr; h=content-transfer-encoding:content-type :content-type:in-reply-to:references:subject:subject :mime-version:user-agent:from:from:date:date:message-id:received :received; s=main; t=1262947115; bh=RuXUhLK2M6r86EWIdwtoeCrsQcFo Lo41W1wTVK0Cnoc=; b=XAATRiH6Q+bPGl5vFGMRF0MlMLILGwfbBI1DFsj8VH4u Etjnc4mBjmfPpIHcD2KA2od6jjR2i1+DyBe4x5T5zKCc4BBNMA7XdIs+weyLFnl2 9rRDMoEFO0v3YBn+Mcj3wZ9pW2eplfidcl15Q4n5qdTXpDW2u7JL1eGRQlVHvsQ= X-Virus-Scanned: amavisd-new at lmpt.univ-tours.fr Received: from mailhost.lmpt.univ-tours.fr ([127.0.0.1]) by mailhost.lmpt.univ-tours.fr (mailhost.lmpt.univ-tours.fr [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id e9mchCt2UHJV for ; Fri, 8 Jan 2010 11:38:35 +0100 (CET) Received: from [10.68.5.128] (trinity.lmpt.priv [10.68.5.128]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mailhost.lmpt.univ-tours.fr (Postfix) with ESMTPSA id 5C700DAFE5 for ; Fri, 8 Jan 2010 11:38:35 +0100 (CET) Message-ID: <4B470B28.8070408@lmpt.univ-tours.fr> Date: Fri, 08 Jan 2010 11:38:32 +0100 From: Olivier Thibault User-Agent: Thunderbird 2.0.0.23 (X11/20090817) MIME-Version: 1.0 To: freebsd-pf@freebsd.org References: <40fc01eb1001071427g335634c9u1ffa8aacba1360f3@mail.gmail.com> <4B46EAA2.5050904@lmpt.univ-tours.fr> <7731938b1001080231p75e6ee17g59c8fbacda90d983@mail.gmail.com> In-Reply-To: <7731938b1001080231p75e6ee17g59c8fbacda90d983@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Subject: Re: freebsd 8 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jan 2010 10:38:38 -0000 Le 08.01.2010 11:31, Peter Maxwell a =E9crit : > 2010/1/8 Olivier Thibault : >=20 >>> # keep stats of outging connections >>> pass out keep state >> This rule allows everything out and next outgoing rules won't be check= ed as >> this one first match. >=20 > That's incorrect, pf does the opposite and uses the *last* match - at > least that's what the documentation says... > http://www.openbsd.org/faq/pf/filter.html >=20 > The quick keyword is used for shortcut evaluation. Yes ! Actually, all the following rules in my pf.conf use this keyword. That's why I said that. I suppose the rules evaluation is quicker this way but I may be wrong. Am I ? Best regards, --=20 Olivier THIBAULT Universit=E9 Fran=E7ois Rabelais - UFR Sciences et Techniques Laboratoire de Math=E9matiques et Physique Th=E9orique (UMR CNRS 6083) Service Informatique de l'UFR Parc de Grandmont 37200 Tours - France Email: olivier.thibault at lmpt.univ-tours.fr Tel: (33)(0)2 47 36 69 12 Fax: (33)(0)2 47 36 70 68 Mobile : (33)(0)6 62 60 80 44