With only quick rules, first match decides. No need to read the whole rule-set to know the result.
On Sat, 2 Jul 2022, 17:01 Peter Nicolai Mathias Hansteen, <[email protected]> wrote:
>
> > On 2 Jul 2022 at 02:32, Scott Colby <[email protected]> wrote:
> >
> > Hello,
> >
> > I am working to set up a relatively simple home router with OpenBSD and
> > pf. (A few VLANs, a few port forwards, NAT, DHCP, DNS.) I am looking for
> > a pointer to best practices for writing pf rules. In particular, are
> > quick rules or non-quick rules preferred? I am coming from pfSense,
> > where most rules are quick, but I'm not sure which is
> > preferred/advocated for in the wider pf community.
>
> In PF, rules are evaluated top to bottom, and last match wins.
>
> I would use quick only if there is a chance that some later rule with a
> different purpose has criteria that are similar enough that the later rule
> would match.
>
> You could do worse than read the PF faq
> https://www.openbsd.org/faq/pf/index.html and you may find the
> oft-repeated PF tutorial http://home.nuug.no/~peter/pftutorial/ useful
> along with the material it links to.
>
> All the best,
> Peter
>
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
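As an added illustration of the two evaluation modes discussed in the thread (this fragment is constructed for this page and is not from either poster), a small pf.conf showing where "last match wins" applies and where "quick" makes the first match final. The interface name, the table name and the RFC 5737 documentation addresses are assumptions.

```pf
# Constructed pf.conf fragment: "last match wins" versus "quick".
# Added example, not from the thread; interface, table name and the
# documentation-range addresses are assumptions.
ext_if = "em0"
table <bad_hosts> persist { 192.0.2.0/24 }

set skip on lo

# Default deny.  This matches every packet, but because it carries no
# "quick", evaluation continues and any later matching rule overrides it.
block log all

# Allow a few services in.  Without "quick" this is not final either: a
# later matching rule (the <bad_hosts> block below) still wins for packets
# that match both.
pass in on $ext_if proto tcp to port { 22 80 443 }

# Last match for anything from <bad_hosts>, so those sources are blocked
# even though the pass rule above also matched them.
block in log on $ext_if from <bad_hosts>

# With "quick" the first match decides and nothing below is consulted.
# Placed here it simply rejects telnet.  The ordering hazard is the other
# way round: a "pass in quick ... port 22" placed above the <bad_hosts>
# block would be final before that block is ever reached.
block in log quick on $ext_if proto tcp to port 23

# Let the router and the LAN out; state entries admit the replies.
pass out on $ext_if keep state
```

Check the file without loading it with `pfctl -nf /etc/pf.conf`; once loaded, `pfctl -sr` prints the rules in the order pf evaluates them, which is the order that matters for both the last-match and the quick cases above.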
