freebsd 8
Olivier Thibault
Olivier.Thibault at lmpt.univ-tours.fr
Fri Jan 8 10:38:38 UTC 2010
Le 08.01.2010 11:31, Peter Maxwell a écrit :
> 2010/1/8 Olivier Thibault <Olivier.Thibault at lmpt.univ-tours.fr>:
>
>>> # keep stats of outging connections
>>> pass out keep state
>> This rule allows everything out and next outgoing rules won't be checked as
>> this one first match.
>
> That's incorrect, pf does the opposite and uses the *last* match - at
> least that's what the documentation says...
> http://www.openbsd.org/faq/pf/filter.html
>
> The quick keyword is used for shortcut evaluation.
Yes ! Actually, all the following rules in my pf.conf use this keyword.
That's why I said that.
I suppose the rules evaluation is quicker this way but I may be wrong.
Am I ?
Best regards,
--
Olivier THIBAULT
Université François Rabelais - UFR Sciences et Techniques
Laboratoire de Mathématiques et Physique Théorique (UMR CNRS 6083)
Service Informatique de l'UFR
Parc de Grandmont
37200 Tours - France
Email: olivier.thibault at lmpt.univ-tours.fr
Tel: (33)(0)2 47 36 69 12
Fax: (33)(0)2 47 36 70 68
Mobile : (33)(0)6 62 60 80 44
More information about the freebsd-pf
mailing list