Re: pf and rpi

To: Rhialto <rhialto%falu.nl@localhost>
Subject: Re: pf and rpi
From: Zoran Kolic <zkolic%sbb.rs@localhost>
Date: Sat, 4 Oct 2014 05:03:41 +0200

> I've never understood the reason for "last one wins". That seems like
> unnecessary work, checking all those rules that may or may not be
> winning in the end. And you can get the same effect with a "first one
> wins" system (hence more efficiently) if you simply reverse the order of
> the rules.

I'm afraid it does not work like that. Last win is firewall's
internal. Having not used npf ever, I might say that "final"
word makes it stop further checking.
At the moment I stranded myself on securelevel. For some reason
I just cannot change it to -1. Not in rc.conf, nor sysctl.conf.
Seems that evbarm does not support boot.cfg module loading and
I don't want to find it out the worst way. Any idea what to do
next?
I'd appreciate if someone says a word or two on rules I made for
simple one user node.
Best regards all

                           Zoran

Follow-Ups:
- Re: pf and rpi
  - From: Thor Lancelot Simon

References:
- pf and rpi
  - From: Zoran Kolic
- Re: pf and rpi
  - From: uhel
- Re: pf and rpi
  - From: Zoran Kolic
- Re: pf and rpi
  - From: Christian Koch
- Re: pf and rpi
  - From: Zoran Kolic
- Re: pf and rpi
  - From: Rhialto

Prev by Date: Re: pf and rpi
Next by Date: Re: pf and rpi
Previous by Thread: Re: pf and rpi
Next by Thread: Re: pf and rpi
Indexes:

Home | Main Index | Thread Index | Old Index