Hello all,

The "require-order" option has the following ominous warning:

"There may be non-trivial and non-obvious implications to an out of order ruleset. Consider carefully before disabling the order enforcement."

In OpenBSD 4.6 this directive was changed to 'no' by default, and it was taken out completely in 5.0. Can someone please clarify what these "non-trivial and non-obvious implications" are for pf 4.5 in FreeBSD 9.0?

I assumed that pf always evaluates nat and rdr rules before filtering, meaning that a nat rule placed after a pass/block rule would still be executed first for outgoing packets. If so, the ordering shouldn't really matter. Is that incorrect?

- Max
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
