>> I have been using IPFW for years, now because of some reasons I'm >> migrating to PF. In IPFW we can use the "skipto" keyword in order to >> change the order of checking the rules. How can I do this in PF?
>PF processes rules from top to bottom for every packet, only aborting >the rule evaluation in the case that the "quick" keyword is used to >render a decision immediately. >If you are trying to avoid having to evaluate all of your rules on every >packet, you should read up on the "anchor" feature, which allows you to >perform a type of "subroutine call", evaluating a different ruleset upon >some condition. You could conceivably use that to evaluate some rules >and come to a decision without having to evaluate all of the rules in a >policy. It would take some rethinking of your existing rules, no doubt. How is it possible? Could you please come up with some examples? The traffic I want to decide about, first, must match all features which I want and then do the decision about the traffic. Thanks _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
