I think the manual says the last filter rule to match takes precedence, unless it's NAT rules, then it's the first.
Also, I've found pftop as a great firewall rule debugging aid. -Chris -----Original Message----- From: John Blaze [mailto:[EMAIL PROTECTED] Sent: Thursday, August 11, 2005 7:16 AM To: [email protected] Subject: question about duplicate rules in pf and altq hello, i have a obsd machine as a gateway to other 6 pc's using nat. one of those pc's i use for gaming so i want to use altq for bw purposes. the relevant part of pf is this: internal_lan = 10.0.0.0/24 <http://10.0.0.0/24> game_pc = 10.0.0.6 <http://10.0.0.6> ..... queue std_in bandwidth 445Kb priority 1 cbq(default borrow) queue game_bw bandwidth 80Kb priority 5 cbq(red borrow) ...... pass out on $int_if from any to $internal_lan keep state queue std_in pass out on $int_if from any to $game_pc keep state queue game_bw since $game_pc is in both 'pass' rules which one will pf use? TIA, John
