Date:      Mon, 23 Jul 2012 11:37:27 +0200
From:      "Tonix (Antonio Nati)" <tonix@interazioni.it>
To:        Daniel Hartmeier <daniel@benzedrine.cx>,  "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org>
Subject:   Re: Question on packet filter using in and out interfaces
Message-ID:  <500D1B57.8080405@interazioni.it>
In-Reply-To: <20120721182316.GA32530@insomnia.benzedrine.cx>
References:  <500826BD.3070602@interazioni.it> <9EB23F6C23A8B6488E8BCC92A48E83264BB4D26F80@PEMEXMBXVS04.jellyfishnet.co.uk.local> <500AB340.2040405@interazioni.it> <9EB23F6C23A8B6488E8BCC92A48E83264BB4D27241@PEMEXMBXVS04.jellyfishnet.co.uk.local> <500AC91F.9090907@interazioni.it> <20120721182316.GA32530@insomnia.benzedrine.cx>

On 21/07/2012 20:23, Daniel Hartmeier wrote:
> On Sat, Jul 21, 2012 at 05:22:07PM +0200, Tonix (Antonio Nati) wrote:
>
>> If you can provide a link to this PF diagram it would be very useful.
>
> A copy is preserved on http://www.benzedrine.cx/pf_flow.png
>
> Yes, there are two phases.
>
> HTH,
> Daniel
>


Daniel,

thanks for pointing at the diagram.

What is not clear to me is related to in/out rules evaluation.

The diagram obviously starts from the packet entering the system, until the 
packet exits the system. When the packet enters the system, which rules 
are evaluated? All rules related to the interface, both for IN and OUT? Or 
only IN?

The PF manual says all rules in pf.conf are evaluated, so I suppose all 
rules applying to that interface are evaluated... or only IN rules are 
evaluated in this first step, and only OUT rules are evaluated in the second 
step?

Sorry, but I'm missing some key points.

Regards,

Tonino



-- 
------------------------------------------------------------
         Inter@zioni            Interazioni di Antonio Nati
    http://www.interazioni.it      tonix@interazioni.it
------------------------------------------------------------




