PF blocking even if set to pass all

Erik Norgaard norgaard at
Thu Dec 13 14:57:06 PST 2007

RW wrote:
> On Thu, 13 Dec 2007 21:17:09 +0100
> Erik Norgaard <norgaard at> wrote:
>> I think it is possible to set a default rule, which for security
>> should be block, which means that any packet that falls through your
>> rule set will be blocked. 
> I'm not aware that there is, the FAQ suggests having 
> block in all
> block out all
> at the top.
>> Therefore, you should have "pass quick".
> With PF the last rule to be hit will be used, which means the default
> is normally applied at the beginning and then overridden. You don't
> need quick to avoid dropping off the bottom of the rules, unless you
> are trying to replicate an IPFW script in PF.

You're right, I'm thinking of the feature from IP-Filter.

Erik Nørgaard
Ph: +34.666334818                 
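
The last-match behaviour discussed in this message, written out as a pf.conf fragment. This is an added example, not part of the original thread; the interface name and the ports are assumptions chosen for illustration.

```pf
# Constructed pf.conf fragment (interface name and ports are assumptions).
ext_if = "em0"

# PF has no separate default-deny setting: a packet that matches no
# rule is passed. The default is therefore written as the first
# rules, and every later matching rule overrides it.
block in all
block out all

# "quick" ends evaluation at this rule. Without it, the broader pass
# rule further down would be the last match and telnet would get in.
block in quick on $ext_if proto tcp from any to any port 23

# Last matching rule wins: these override the blocks at the top for
# the traffic they match, with no "quick" needed.
pass in on $ext_if proto tcp from any to any port 22:25 keep state
pass out on $ext_if proto { tcp, udp } from any to any keep state

# The reverse order shows why "pass all" can still end up blocking:
#   pass in all
#   block in on $ext_if proto tcp from any to any port 80
# Port 80 is blocked, because the block is the last rule to match.
```

On a host running PF, `pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sr` lists the rules in the order they are evaluated.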

More information about the freebsd-questions mailing list