skipto keyword in pf

Patrick Lamaiziere patfbsd at davenulle.org
Thu May 2 11:10:48 UTC 2013


On Wed, 1 May 2013 22:54:37 -0700 (PDT),
Nomad Esst <noname.esst at yahoo.com> wrote:

> >If you are trying to avoid having to evaluate all of your rules on
> >every packet, you should read up on the "anchor" feature, which
> >allows you to perform a type of "subroutine call", evaluating a
> >different ruleset upon some condition. You could conceivably use
> >that to evaluate some rules and come to a decision without having to
> >evaluate all of the rules in a policy.  It would take some
> >rethinking of your existing rules, no doubt.
> 
> 
> How is it possible? Could you please come up with some examples?
> The traffic I want to decide about, first, must match all features
> which I want and then do the decision about the traffic.  

Well, tags could help here. With a concrete example of what you want, it
would be easier to suggest a solution.

Regards.
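
An added pf.conf sketch of the two mechanisms mentioned in this thread, not part of the original message: an anchor evaluated only when its own condition matches, and tags used to record that a packet met several conditions before the final decision. Interface names, addresses, ports, the table and the tag and anchor names are all assumptions chosen for illustration.

```pf
# Constructed example: every name, address and port below is an assumption.
ext_if     = "em0"
int_if     = "em1"
int_net    = "192.168.1.0/24"
mgmt_hosts = "{ 192.168.1.10, 192.168.1.11 }"
web_srv    = "203.0.113.10"

table <badhosts> persist

set skip on lo0

# Default decision; later matching rules override it (last match wins).
block log all

# Anchor as a conditional "subroutine": the rules inside the braces are
# evaluated only for packets that match the anchor line itself, so other
# traffic never walks them. "quick" inside the anchor ends evaluation.
anchor "web" in on $ext_if inet proto tcp to $web_srv port { 80, 443 } {
    block in quick from <badhosts>
    pass in quick keep state
}

# Tags are sticky: a matching non-quick rule leaves its tag on the packet
# even if a later rule ends up being the last match.
# Condition 1: the packet arrives on the internal interface from the LAN.
pass in on $int_if inet from $int_net to any tag LAN keep state

# Condition 2 is tested only on packets that already met condition 1.
# A packet carries one tag at a time, so the combined result gets its
# own name and replaces LAN.
pass in on $int_if inet proto tcp from $mgmt_hosts to any port 22 \
    tagged LAN tag LAN_MGMT_SSH keep state

# The decision is taken later, on the tag rather than on addresses:
# only packets that met both conditions may leave as SSH.
pass out quick on $ext_if inet proto tcp to any port 22 \
    tagged LAN_MGMT_SSH keep state

# Packets that met only condition 1 get a narrower policy.
pass out on $ext_if inet proto { tcp, udp } to any port { 53, 80, 443 } \
    tagged LAN keep state
```

Checking the file with `pfctl -nf` before loading it parses the ruleset without applying it.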


More information about the freebsd-pf mailing list