On Mon, Aug 25, 2008 at 11:05:38AM +1000, Mikel Lindsaar wrote: > Hello list, > > I have purchased and read the book of PF (good book by the way) as > well as the man pages, and I have a question that I have not been able > to find a definitive answer on: > > "Does PF only evaluate every packet against the ruleset once on all > interfaces, or does it evaluate once for each interface?"
AFAIK pf by default creates state for initial packets, and once the state is created by default pf passes packets on all interfaces belonging to that state. the state-policy can be changed to change this. -- vi vi vi -- the number fo the beast
