Subject: Re: IPF Configuration
To: Richard Ibbotson <richard@sheflug.co.uk>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: tech-security
Date: 06/28/2004 22:44:03

On Sun, Jun 27, 2004 at 10:10:48AM +0100, Richard Ibbotson wrote:
> Hi
> 
> Tried sending this one into NetBSD-help the other day.  Not seen 
> anyone reply and so thought this list might be more appropriate.
> 
> Looking further into my own IPF configuration I find that I would like 
> to understand some more about the syntax. If I have a rule which says, 
> for example....
> 
> block in log quick on ippp0 proto tcp from any to 10.0.0.0/24 port 136 >< 140
> 
> where 10.0.0.0/24 is an internal network is it better to write it 
> this way around ? .........
> 
> block in log quick on ippp0 proto tcp from any to any port 136 >< 140

I use the second form myself. I don't think one consumes more
resources than the other in ipf, but the second form is less error-prone.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference
--
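
Added example, not part of the original thread: a small Python matcher for the two rule forms discussed above, run over constructed packets, showing which destinations each rule covers and that ipf's `><` range excludes both endpoints (so `136 >< 140` matches ports 137 to 139). It parses only the fields used in these two rules; the packet dictionaries, the helper names and the addresses 10.0.0.5, 10.0.1.5 and 192.0.2.1 are constructed for illustration.

```python
import ipaddress
import re

# Parses only the fields used by the two rules in the thread (assumption).
RULE_RE = re.compile(
    r"block in log quick on (?P<ifname>\S+) proto (?P<proto>\S+) "
    r"from any to (?P<dst>\S+) port (?P<lo>\d+) >< (?P<hi>\d+)$"
)

def parse_rule(text):
    m = RULE_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unsupported rule: {text!r}")
    dst = None if m["dst"] == "any" else ipaddress.ip_network(m["dst"])
    return {"ifname": m["ifname"], "proto": m["proto"], "dst": dst,
            "lo": int(m["lo"]), "hi": int(m["hi"])}

def rule_blocks(rule, pkt):
    """True if this inbound packet is dropped by the block rule."""
    if pkt["ifname"] != rule["ifname"] or pkt["proto"] != rule["proto"]:
        return False
    if rule["dst"] is not None and ipaddress.ip_address(pkt["dst"]) not in rule["dst"]:
        return False
    # ipf(5): "port1 >< port2" is true when port1 < port < port2.
    return rule["lo"] < pkt["dport"] < rule["hi"]

RULE_NET = parse_rule(
    "block in log quick on ippp0 proto tcp from any to 10.0.0.0/24 port 136 >< 140")
RULE_ANY = parse_rule(
    "block in log quick on ippp0 proto tcp from any to any port 136 >< 140")

def make_pkt(dst, dport, ifname="ippp0", proto="tcp"):
    return {"ifname": ifname, "proto": proto, "dst": dst, "dport": dport}

# Constructed inbound packets, not taken from any real capture.
PACKETS = [
    make_pkt("10.0.0.5", 139),               # inside the /24, inside the range
    make_pkt("10.0.0.5", 136),               # lower endpoint: excluded by ><
    make_pkt("10.0.0.5", 140),               # upper endpoint: excluded by ><
    make_pkt("192.0.2.1", 139),              # destination outside 10.0.0.0/24
    make_pkt("10.0.1.5", 137),               # neighbouring subnet, outside the /24
    make_pkt("10.0.0.5", 138, proto="udp"),  # both rules are tcp-only
]

def coverage():
    """(dst, proto, dport, blocked by first form, blocked by second form)."""
    return [(p["dst"], p["proto"], p["dport"],
             rule_blocks(RULE_NET, p), rule_blocks(RULE_ANY, p)) for p in PACKETS]

if __name__ == "__main__":
    for row in coverage():
        print(row)
```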