Subject: Does ipf filter a packet once or twice?
To: NetBSD Users <netbsd-users@netbsd.org>
From: Jukka Marin <jmarin@pyy.jmp.fi>
List: netbsd-users
Date: 04/09/2001 23:40:38
A stupid question:

A packet arrives at, say, ep0 and is passed by the ipf "in" rules of ep0.
The packet is destined to another network behind ep1, and is blocked by
the "out" rules of ep1.  Unless I'm doing something stupid (like I often
am), it seems that when the packet is accepted in via ep0, it will
automagically be passed to ep1, even though the "out" rules would block it.

I use "quick" and grouping extensively.  The "in" rules of ep0 are part
of group 100 and they are all "quick" (if the packet is passed, the rest
of the rules are not checked).  The "out" rules of ep1 are part of
group 450 and they are also "quick".

Why aren't the "out" rules of ep1 checked?  Does a "quick" keyword in
another group cause this or does ipf _always_ work this way?

This machine is a router between four or five different networks and what
comes in via ep0 is NOT what should go out via ep1 (although it might be
what should go out via ep2 etc.).

Thanks, as always.

  -jm
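An added example, not part of the post above, showing how the described layout (inbound rules for ep0 in group 100, outbound rules for ep1 in group 450, all "quick") looks as an ipf ruleset, with a "log" keyword on the closing block rule of each group so that the behaviour in question can be observed rather than guessed. Interface names ep0 and ep1 come from the post; the addresses, ports and group contents are constructed for illustration.

```conf
# Constructed ipf ruleset mirroring the layout described in the post.
# ep0/ep1 are the interface names from the post; addresses are made up.

# Inbound rules for ep0 live in group 100.  The head rule is the default
# for the group: if nothing in the group matches, its action applies.
block in quick on ep0 all head 100
pass in quick on ep0 proto tcp from 192.168.10.0/24 to 10.20.0.0/16 port = 22 group 100
pass in quick on ep0 proto udp from 192.168.10.0/24 to any port = 53 group 100
block in log quick on ep0 all group 100

# Outbound rules for ep1 live in group 450.  "log" on the closing block
# rule makes any packet that was accepted on ep0 but is refused on ep1
# show up in ipmon output, tagged with the interface it was blocked on.
block out quick on ep1 all head 450
pass out quick on ep1 proto tcp from 10.30.0.0/16 to 10.20.0.0/16 port = 22 group 450
block out log quick on ep1 all group 450
```

After loading the file with `ipf -Fa -f /etc/ipf.conf`, `ipfstat -hio` lists the in and out rules with a hit counter for each, and `ipmon` prints the entries generated by the `log` rules. If a packet accepted by group 100 is forwarded out ep1, the counter on the final group-450 block rule and the corresponding ipmon line are the check for whether the "out" rules on ep1 are evaluated at all.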