On Mon, Oct 24, 2005 at 10:48:03AM -0400, Monah Baki wrote:
> Solved it,
>
> had to switch
>
> pass in quick on $int_if all
> pass out quick on $int_if all
>
> to
>
> pass in quick on $int_if all keep state
> pass out quick on $int_if all keep state

Is there any particular reason you are using 'quick' on most of your rules? There are certain situations that quick is needed or recommended, but I'm of the school that using quick on all of your rules just leads to unnecessary confusion.

Also, I'm not too sure what your intention was surrounding the ordering of your rules. The most common way is to put all your 'default block' rules at the top of your ruleset and all the specific allow rules following those. When you've got default block rules peppered throughout your ruleset, it'll quickly become fault prone and difficult to manage. IMO, of course.

There was a thread some time ago that (I believe) discussed using 'quick' in large/complicated rulesets to speed up processing. I'm not 100% sure what the consensus was, but I think what part of it boiled down to was that the benefits that you gain by using quick are far outweighed by those of having a tight and easy to manage ruleset.

http://marc.theaimsgroup.com/?l=openbsd-pf&m=111522051104764&w=2

-jon
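
An added example, not part of the original message: a simplified Python model of pf's rule evaluation (the last matching rule wins, and a matching `quick` rule stops evaluation) that contrasts the block-first layout described above with a ruleset using quick on every rule. The interface names, the `Rule` class and both helper functions are assumptions made for illustration; the model matches on direction and interface only and does not track state.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                       # "pass" or "block"
    direction: Optional[str] = None   # "in", "out", or None for both
    iface: Optional[str] = None       # None matches any interface
    quick: bool = False

    def matches(self, direction, iface):
        return (self.direction in (None, direction)
                and self.iface in (None, iface))

def evaluate(rules, direction, iface):
    """Return (action, index of the deciding rule); index None = no rule matched."""
    action, decided_by = "pass", None   # pf passes a packet that no rule matches
    for i, rule in enumerate(rules):
        if rule.matches(direction, iface):
            action, decided_by = rule.action, i   # last match wins so far
            if rule.quick:                        # quick: first match is final
                break
    return action, decided_by

def dead_rules(rules, ifaces):
    """Indexes of rules that never decide a packet on the given interfaces."""
    deciding = {evaluate(rules, d, i)[1] for d in ("in", "out") for i in ifaces}
    return [n for n in range(len(rules)) if n not in deciding]

INT_IF, EXT_IF = "em1", "em0"   # constructed interface names

# Default block at the top, specific pass rules after it, no quick.
BLOCK_FIRST = [
    Rule("block"),
    Rule("pass", "in", INT_IF),
    Rule("pass", "out", INT_IF),
]

# quick on every rule with a block in the middle: order decides everything.
QUICK_EVERYWHERE = [
    Rule("pass", "in", INT_IF, quick=True),
    Rule("block", quick=True),
    Rule("pass", "out", INT_IF, quick=True),   # shadowed by the block above
]

if __name__ == "__main__":
    for name, rules in (("block-first", BLOCK_FIRST), ("quick", QUICK_EVERYWHERE)):
        print(name, evaluate(rules, "out", INT_IF), dead_rules(rules, [INT_IF, EXT_IF]))
```

In the quick variant the third rule can never take effect, which is the kind of silent ordering fault a `dead_rules`-style check surfaces before a ruleset is loaded.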