NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: pf and rpi

> I've never understood the reason for "last one wins". That seems like
> unnecessary work, checking all those rules that may or may not be
> winning in the end. And you can get the same effect with a "first one
> wins" system (hence more efficiently) if you simply reverse the order of
> the rules.

I'm afraid it does not work like that. Last win is firewall's
internal. Having not used npf ever, I might say that "final"
word makes it stop further checking.
At the moment I stranded myself on securelevel. For some reason
I just cannot change it to -1. Not in rc.conf, nor sysctl.conf.
Seems that evbarm does not support boot.cfg module loading and
I don't want to find it out the worst way. Any idea what to do
I'd appreciate if someone says a word or two on rules I made for
simple one user node.
Best regards all


Home | Main Index | Thread Index | Old Index