Date: Wed, 25 Mar 2009 01:05:50 +0600 From: forn <forn@ngs.ru> To: freebsd-pf@freebsd.org Subject: Re: first firewall with pf Message-ID: <49C92F0E.6040109@ngs.ru> In-Reply-To: <20090324162417.5186D8FC16@mx1.freebsd.org> References: <20090324162417.5186D8FC16@mx1.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
"block in quick on $ext_if all" being the last and "block in on $ext_if all" being the first do absolutely the same thing. No point in changing. Eric, you might want to just do "set skip on lo" instead of allowing all through it, and add "scrub in" to normalize packets coming in. Dave Feustel wrote: > Change this rule to > block in on $ex_if all > and then make it the first rule. > The word 'quick' says don't evaluate any more rules if this matches. > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49C92F0E.6040109>