This is a discussion on Re: rdr quick within the mailing.openbsd.tech forums, part of the OpenBSD category.
Ryan McBride wrote:
> On Sun, Oct 08, 2006 at 04:17:45AM +0159, Han Boetes wrote:
> > since `pass' is used for something else with the rest of the
> > rules it can be confusing to people who think in mathematical
> > keyword logic instead of language logic.
> >
> > So that's why I wanted to suggest to use `rdr quick' which is
> > consistent with the rest of pf. No need to remove the `rdr
> > pass' statement because of backward compatibility, but it
> > doesn't have to be in the documentation anymore.
>
> By itself the 'quick' keyword only applies to ruleset
> evaluation, halting it at this rule if there is a match. It does
> NOT specify whether the packet should be passed, dropped,
> logged, altered, or otherwise abused.
>
> The 'pass' keyword IS being used consistently in the ruleset:
> wherever you see it, it means the packet will not be blocked if
> this is the matching rule.
>
> Also: Sometimes confusion arises because translation rules are
> all effectively 'quick' rules, as the first matching rule is
> always selected. I'd personally like to see translation rules
> made last-match like the filter rules, and not abusing the
> 'quick' keyword is a good start.

OK, point taken. Thanks for sharing your views.

# Han
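
The evaluation order discussed in this thread, as an added example that is not part of the original posts and is not pf's own code: a simplified Python model of first-match translation rules, last-match filter rules, `quick`, and `rdr pass`. The class names, function names, port-only matching and sample rulesets are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Filter:
    action: str                  # "pass" or "block"
    port: Optional[int] = None   # None matches any destination port
    quick: bool = False          # stop ruleset evaluation on match

@dataclass
class Rdr:
    port: int                    # destination port to match
    to_port: int                 # port the packet is redirected to
    pass_: bool = False          # models `rdr pass`

def translate(rdrs, port):
    """Translation rules: the FIRST matching rule is selected."""
    for r in rdrs:
        if r.port == port:
            return r.to_port, r.pass_
    return port, False

def filter_eval(filters, port):
    """Filter rules: the LAST matching rule wins, unless a match is `quick`."""
    verdict = "pass"             # implicit default when no filter rule matches
    for f in filters:
        if f.port is None or f.port == port:
            verdict = f.action   # `quick` does not choose the action
            if f.quick:
                break            # it only halts evaluation here
    return verdict

def evaluate(rdrs, filters, port):
    """Translate first, then filter on the translated port."""
    new_port, rdr_pass = translate(rdrs, port)
    if rdr_pass:
        return new_port, "pass"  # `rdr pass`: filter rules are not consulted
    return new_port, filter_eval(filters, new_port)

# Constructed sample rulesets (hypothetical ports).
RDRS = [Rdr(80, 8080), Rdr(80, 9090)]              # second rule is never selected
FILTERS = [Filter("block"), Filter("pass", 8080)]  # block all, then allow 8080

if __name__ == "__main__":
    print(evaluate(RDRS, FILTERS, 80))
```

When auditing a ruleset, note that in this model a redirect marked `pass_=True` is passed even if a `block quick` filter rule would otherwise match, so each `rdr pass` rule needs review on its own.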