On 1/6/2011 at 10:40 AM Mike. wrote:

|On 1/5/2011 at 2:56 PM Axton wrote:
|
||On Wed, Jan 5, 2011 at 10:14 AM, Mike. <the.li...@mgm51.com> wrote:
||
||> On 1/4/2011 at 10:57 PM Josh Smith wrote:
||>
||> |
||> |pass in on $int_if0 # pass all incoming traffic on our internal interface
||> |pass in on $int_if1 # pass all incoming traffic on our internal interface from the test network
||> =============
||>
||> I have two internal subnetworks, one for standard frames and one for
||> jumbo frames.
||>
||> Instead of the two rules you cite, I use the following:
||>
||> # macros
||> std_if = "em1"
||> jum_if = "em0"
||> loc_if = "lo0"
||>
||> # let internal traffic flow unimpeded
||> pass quick on $loc_if
||> pass quick on $std_if
||> pass quick on $jum_if
||>
||
||"set skip" is probably more efficient.
| =============
|
|It's a very light-duty firewall, but I'll read up on your suggestion
|anyway.
|
|Thanks.
=============

I read through the documentation, and it looks like I cannot use 'set skip' on my firewall. Set skip bypasses all pf processing for the interface noted, and I need for pf to perform the ftp proxy processing on those two interfaces. So I'll keep the pass quick rules. Thanks again for your comment, though. I learned something as I researched it.
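
The trade-off discussed in this thread, as an added pf.conf fragment that is not from any of the posters. It assumes the older rdr/anchor syntax (FreeBSD pf, OpenBSD before 4.7) and ftp-proxy(8) listening on 127.0.0.1 port 8021; only the interface macros come from the thread.

```conf
# Added example. Interface macros are the ones quoted in the thread;
# the ftp-proxy address/port and the rdr/anchor syntax are assumptions.

# macros
std_if = "em1"
jum_if = "em0"
loc_if = "lo0"

# Options: loopback needs neither filtering nor translation, so pf can
# skip it entirely.
set skip on $loc_if

# Deliberately NOT used:
#   set skip on { $std_if $jum_if }
# pf would stop evaluating every rule on those interfaces, including the
# rdr below, so FTP control connections would never reach ftp-proxy.

# Translation: anchors that ftp-proxy populates per session, then the
# redirect of outbound FTP control connections to the local proxy.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on { $std_if $jum_if } inet proto tcp from any to any port ftp \
    -> 127.0.0.1 port 8021

# Filtering: per-session pass rules inserted by ftp-proxy.
anchor "ftp-proxy/*"

# Internal traffic still flows unimpeded, but pf keeps processing these
# interfaces, so the redirect above is applied before these rules match.
pass quick on $std_if
pass quick on $jum_if
```

Rules for the external interface are omitted; the fragment only covers the loopback and the two internal interfaces named in the thread.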