Date: Fri, 08 Jan 2010 11:38:32 +0100 From: Olivier Thibault <Olivier.Thibault@lmpt.univ-tours.fr> To: freebsd-pf@freebsd.org Subject: Re: freebsd 8 Message-ID: <4B470B28.8070408@lmpt.univ-tours.fr> In-Reply-To: <7731938b1001080231p75e6ee17g59c8fbacda90d983@mail.gmail.com> References: <40fc01eb1001071427g335634c9u1ffa8aacba1360f3@mail.gmail.com> <4B46EAA2.5050904@lmpt.univ-tours.fr> <7731938b1001080231p75e6ee17g59c8fbacda90d983@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Le 08.01.2010 11:31, Peter Maxwell a =E9crit : > 2010/1/8 Olivier Thibault <Olivier.Thibault@lmpt.univ-tours.fr>: >=20 >>> # keep stats of outging connections >>> pass out keep state >> This rule allows everything out and next outgoing rules won't be check= ed as >> this one first match. >=20 > That's incorrect, pf does the opposite and uses the *last* match - at > least that's what the documentation says... > http://www.openbsd.org/faq/pf/filter.html >=20 > The quick keyword is used for shortcut evaluation. Yes ! Actually, all the following rules in my pf.conf use this keyword. That's why I said that. I suppose the rules evaluation is quicker this way but I may be wrong. Am I ? Best regards, --=20 Olivier THIBAULT Universit=E9 Fran=E7ois Rabelais - UFR Sciences et Techniques Laboratoire de Math=E9matiques et Physique Th=E9orique (UMR CNRS 6083) Service Informatique de l'UFR Parc de Grandmont 37200 Tours - France Email: olivier.thibault at lmpt.univ-tours.fr Tel: (33)(0)2 47 36 69 12 Fax: (33)(0)2 47 36 70 68 Mobile : (33)(0)6 62 60 80 44
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B470B28.8070408>