Date: Fri, 08 Jan 2010 11:38:32 +0100 From: Olivier Thibault <Olivier.Thibault@lmpt.univ-tours.fr> To: freebsd-pf@freebsd.org Subject: Re: freebsd 8 Message-ID: <4B470B28.8070408@lmpt.univ-tours.fr> In-Reply-To: <7731938b1001080231p75e6ee17g59c8fbacda90d983@mail.gmail.com> References: <40fc01eb1001071427g335634c9u1ffa8aacba1360f3@mail.gmail.com> <4B46EAA2.5050904@lmpt.univ-tours.fr> <7731938b1001080231p75e6ee17g59c8fbacda90d983@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Le 08.01.2010 11:31, Peter Maxwell a écrit : > 2010/1/8 Olivier Thibault <Olivier.Thibault@lmpt.univ-tours.fr>: > >>> # keep stats of outging connections >>> pass out keep state >> This rule allows everything out and next outgoing rules won't be checked as >> this one first match. > > That's incorrect, pf does the opposite and uses the *last* match - at > least that's what the documentation says... > http://www.openbsd.org/faq/pf/filter.html > > The quick keyword is used for shortcut evaluation. Yes ! Actually, all the following rules in my pf.conf use this keyword. That's why I said that. I suppose the rules evaluation is quicker this way but I may be wrong. Am I ? Best regards, -- Olivier THIBAULT Université François Rabelais - UFR Sciences et Techniques Laboratoire de Mathématiques et Physique Théorique (UMR CNRS 6083) Service Informatique de l'UFR Parc de Grandmont 37200 Tours - France Email: olivier.thibault at lmpt.univ-tours.fr Tel: (33)(0)2 47 36 69 12 Fax: (33)(0)2 47 36 70 68 Mobile : (33)(0)6 62 60 80 44
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B470B28.8070408>