On Mon, Feb 27, 2006 at 03:40:17PM +0100, vladimir plotnikov wrote: > Hello! > > Sorry for stupid question. > part of pf.conf: > .... > pass in on $ext_if proto tcp from any to any port 21 keep state > pass in on $ext_if proto tcp from any to any port > 49151 keep state > ... > block return-rst in log on $ext_if proto tcp all
the last matching rule wins, as explained in the pf.conf(5) man page. Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm
