On Thursday, Jun 19, 2003, at 17:14 US/Pacific, David Le Corfec wrote:
On Thursday 19 June 2003 23:21, Trevor Talbot wrote:
pass in on $ext_if proto tcp from any to $ext_if flags S/SA keep
state queue (q_def, q_pri)
You probably don't want this one, since you have the more-selective
rule above.
Isn't it just unneeded to add queuing rules for inbound packets anyway
?
"Note that queueing is only useful for packets in the /outbound/
direction."
(http://openbsd.org/faq/pf/queueing.html)
keep state will cause packets to be tagged even when they're going
in the opposite direction (outbound) -- in this case, the primary
concern is TCP ACKs.
