* Mike <[EMAIL PROTECTED]> [2005-06-04 18:41]: > i was writing my pf rules and and i noticed following: > > the rule, antispoof quick log for fxp0 inet > expands to this when loading the rulesets to packet filter: > > block drop in log quick on ! fxp0 inet from 172.16.0.0/12 to any > block drop in log quick on ! fxp0 inet from 172.16.0.0/12 to any > block drop in log quick on ! fxp0 inet from 172.16.0.0/12 to any > ... > > the ruleset optimizer removes the duplicated entries but is it normal > it to translate the rule in this way in the first place?
depending on the aliases on your interface(s) this can happen. even without the optimizier it doesn't really have any performance impact thanks to skip steps. -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
