In rev 1.29 of /etc/pf.conf, "pass quick" has been replaced
by "set skip" for lo and $int_if.

I think that for lo, it makes a lot of sense to use set skip,
but for $int_if, it is a poor default choice, because it break
the subsequent ftp-proxy line:

#rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021

if you uncomment the above line using /etc/pf.conf prototype, it
won't work and it's not obvious why. I therefore suggest
reverting part of the previous patch.

Cedric


--- pf.conf.orig Thu Aug 25 20:00:51 2005
+++ pf.conf Thu Aug 25 20:01:47 2005
@@ -10,7 +10,7 @@
#table <spamd> persist
#table <spamd-white> persist

-#set skip on { lo $int_if }
+#set skip on { lo }

#scrub in

@@ -24,6 +24,7 @@
#block in
#pass out keep state

+#pass quick on { $int_if }
#antispoof quick for { lo $int_if }

#pass in on $ext_if proto tcp to ($ext_if) port ssh keep state