Le 08.01.2010 11:31, Peter Maxwell a écrit :
2010/1/8 Olivier Thibault <[email protected]>:
# keep stats of outging connections
pass out keep state
This rule allows everything out and next outgoing rules won't be checked as
this one first match.
That's incorrect, pf does the opposite and uses the *last* match - at
least that's what the documentation says...
http://www.openbsd.org/faq/pf/filter.html
The quick keyword is used for shortcut evaluation.
Yes ! Actually, all the following rules in my pf.conf use this keyword.
That's why I said that.
I suppose the rules evaluation is quicker this way but I may be wrong.
Am I ?
Best regards,
--
Olivier THIBAULT
Université François Rabelais - UFR Sciences et Techniques
Laboratoire de Mathématiques et Physique Théorique (UMR CNRS 6083)
Service Informatique de l'UFR
Parc de Grandmont
37200 Tours - France
Email: olivier.thibault at lmpt.univ-tours.fr
Tel: (33)(0)2 47 36 69 12
Fax: (33)(0)2 47 36 70 68
Mobile : (33)(0)6 62 60 80 44
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
