On Sat, 22 Mar 2014 08:48:40 -0600 Brett Glass wrote: > This is correct. And that's awkward, because you might not want all of > these checks in one place. Also, if there are many dynamic rules this > will slow traffic down quite a bit.
It should be the other way around. Once a flow has been learned it's just a simple hash-table lookup once you hit the first stateful rule. In pf most packets bypass the rules altogether. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
