On Wed, Mar 26, 2025 at 3:33 PM <smooth.map9...@isadon.com> wrote:
> So the "Proper use of self" post made me ponder about the proper use of
> "quick". My ruleset consists of a lot of "quick" rules (more than 90%)
> because in my mind it's faster to stop evaluating any further rules if it
> isn't needed. But it feels weird that every rule I write now always has
> "quick" and it's making me wonder if that's wrong because nearly all other
> pf rulesets I see don't use "quick" so much. Is heavy use of "quick" bad
> / be avoided or am I just writing my rules wrong? I am actually curious
> myself how nearly all my rules devolved into being "quick".

I think it's just a question of what makes more sense to you. It's important to match the structure of your ruleset to the way you naturally think about packet filtering, because the goal is to have a clear ruleset that is easily understood and reasoned about. A ruleset that's hard to understand is a ruleset that's hard to trust because you can't be certain it's correct.
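
The two styles discussed in this thread, shown side by side as an added example that is not part of either message: the same small policy written once in pf's default last-match style and once with "quick" on every rule. The interface name em0, the table name <abusers> and the SSH port are assumptions chosen for illustration.

```conf
# Constructed example: two alternative pf.conf files expressing one policy.
# Load one or the other, not both.

# ---- Variant A: last-match (no "quick") ----------------------------------
# Every rule is evaluated; the LAST matching rule decides.
# Read it general-to-specific: the default comes first, exceptions follow.
ext_if = "em0"                  # assumed external interface
table <abusers> persist         # assumed table of blocked sources

block all                                              # default deny
pass out on $ext_if                                    # allow outbound
pass in on $ext_if proto tcp to port 22                # allow inbound SSH
block in on $ext_if proto tcp from <abusers> to port 22
# The <abusers> block must come AFTER the SSH pass, or the pass would
# override it as the later match.

# ---- Variant B: first-match ("quick" on every rule) ----------------------
# Evaluation stops at the FIRST matching rule.
# Read it specific-to-general: exceptions first, the default last.
ext_if = "em0"
table <abusers> persist

block in quick on $ext_if proto tcp from <abusers> to port 22
pass in quick on $ext_if proto tcp to port 22          # allow inbound SSH
pass out quick on $ext_if                              # allow outbound
block quick all                                        # default deny
# Here the <abusers> block must come BEFORE the SSH pass, or the pass
# would end evaluation before the block is reached.
```

Both variants make the same decisions; what changes is the reading order, and the failure mode to review for is mixing the two conventions, where one stray "quick" above a later exception silently disables that exception.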