Travis H. wrote:
Yeah, I neglected stateful matching. I should have said that everypacket that has to run the gauntlet of rules, has to run all of them.
Not necessarily. Search for "pf" and "skip-steps", something that isn't documented much inside OpenBSD, because it is always on and being done for you. Also, the `-o' parameter to pfctl(8) might be of interest.
Moritz
