* Jason McIntyre <j...@kerhand.co.uk> [2011-01-30 16:37]: > ok, so that's not so bad. in a way we're already there: pf.conf(5) notes > in PACKET FILTERING first: > > For block and pass, the last matching rule decides what > action is taken; if no rule matches the packet, the default > action is to pass the packet. > > and then: > > By default pf(4) filters packets statefully: the first time > a packet matches a pass rule, a state entry is created; > > but we do not explicitly say that if no rule matches, a packet is passed > effectively with "no state" applied. is that sufficiently important that > we should say it?
I don't think so. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
