On Mon, Aug 25, 2008 at 11:05:38AM +1000, Mikel Lindsaar wrote:
> Hello list,
>
> I have purchased and read the book of PF (good book by the way) as
> well as the man pages, and I have a question that I have not been able
> to find a definitive answer on:
>
> "Does PF only evaluate every packet against the ruleset once on all
> interfaces, or does it evaluate once for each interface?"
>

If your default action is `block' and you want to allow a packet to be
routed through 2 interfaces on a multihomed box, you'd need two rules:

1st rule to allow packet `in' on the first interface
2nd rule to allow packet `out' from the second interface

I hope this answers your question.
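
The two-rule setup described in the reply, as an added pf.conf sketch that is not part of the original message. The interface names, network and port are assumptions chosen for illustration.

```pf
# Constructed example: macros are placeholders, adjust to the actual box.
int_if  = "em1"              # assumed: interface facing the internal network
ext_if  = "em0"              # assumed: interface facing the upstream network
lan_net = "192.168.1.0/24"   # assumed: internal network

# Default action: block everything in both directions on every interface.
block all

# 1st rule: let the forwarded packet come IN on the first interface.
pass in  on $int_if inet proto tcp from $lan_net to any port 80

# 2nd rule: let the same packet go OUT from the second interface.
# Without this rule the packet passes the inbound check on $int_if but is
# still dropped by "block all" when it is evaluated outbound on $ext_if.
pass out on $ext_if inet proto tcp from $lan_net to any port 80
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.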