Two(2) questions regarding quick and adding rules later.
Jacob, Raymond A Jr
raymond.jacob at navy.mil
Sun Mar 12 09:17:50 UTC 2006
So you are saying if I have just one quick statement, the last rule
matching, i.e. block log all, wins?
Thank you,
Raymond
-----Original Message-----
From: Greg Hennessy [mailto:Greg.Hennessy at nviz.net]
Sent: Saturday, March 11, 2006 4:38
To: Jacob, Raymond A Jr; freebsd-pf at freebsd.org
Subject: RE: Two(2) questions regarding quick and adding rules later.
>
> All traffic blocked unless I use quick.
> tcpdump -n -e -ttt -r /var/log/pflog
> showed traffic was blocked by the last rule unless I added
> quick to pass rules.
> I thought the matching rules would have overridden the block rule?
If you don't use quick, the last matching rule wins.
Make the very 1st rule
block log all
And delete any non-specific blocks further down.
Greg
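
As an added example that is not part of the original messages: a simplified Python model of the evaluation order discussed in this thread (last matching rule wins, `quick` stops evaluation at the matching rule). The `Rule` and `evaluate` names, the rulesets, and ports 22 and 80 are assumptions constructed for illustration; this is not pf's own code.

```python
# Simplified model of pf filter-rule evaluation (added example, not pf source).
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                   # "pass" or "block"
    proto: Optional[str] = None   # None matches any protocol ("all")
    port: Optional[int] = None    # None matches any destination port
    quick: bool = False

    def matches(self, proto: str, port: int) -> bool:
        return self.proto in (None, proto) and self.port in (None, port)

def evaluate(rules, proto, port):
    """Return (action, index of the deciding rule); index -1 means no rule matched."""
    verdict = ("pass", -1)        # pf passes a packet that matches no rule
    for i, rule in enumerate(rules):
        if rule.matches(proto, port):
            verdict = (rule.action, i)   # a later match replaces an earlier one
            if rule.quick:               # quick ends evaluation at this rule
                break
    return verdict

BLOCK_ALL = Rule("block")         # stands for "block log all"

# Constructed rulesets; ports 22 and 80 are assumed sample services.
TRAILING_BLOCK = [Rule("pass", "tcp", 22), Rule("pass", "tcp", 80), BLOCK_ALL]
QUICK_PASSES = [Rule("pass", "tcp", 22, quick=True),
                Rule("pass", "tcp", 80, quick=True), BLOCK_ALL]
ONE_QUICK = [Rule("pass", "tcp", 22, quick=True), Rule("pass", "tcp", 80), BLOCK_ALL]
BLOCK_FIRST = [BLOCK_ALL, Rule("pass", "tcp", 22), Rule("pass", "tcp", 80)]

if __name__ == "__main__":
    for name, rs in [("trailing block", TRAILING_BLOCK), ("quick passes", QUICK_PASSES),
                     ("one quick", ONE_QUICK), ("block first", BLOCK_FIRST)]:
        for port in (22, 80, 25):
            action, idx = evaluate(rs, "tcp", port)
            print(f"{name:15} tcp/{port:<3} -> {action:5} (rule {idx})")
```

The index in each result is the rule that decided the packet, which is the same thing the pflog output identifies when it shows which rule blocked the traffic.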