--On 01 October 2005 04:43 -0500, Travis H. wrote:
Ah, but the matching engine doesn't have to traverse the whole rule list that way. Unless pf is doing something really tricky, every packet will have to traverse every firewall rule without use of quicks.
huh? "Before any rules are evaluated, the filter checks whether the packet matches any state. If it does, the packet is passed without evaluation of any rules." - pf.conf(5)
