--On 04 December 2005 14:27 -0600, eric wrote:
On Sun, 2005-12-04 at 11:39:01 -0800, Rodney Hopkins proclaimed...
I was looking at the pf.conf included with 3.8, and with the
addition of the following line:
set skip on { lo }
doesn't the lo part of the following line become redundant:
antispoof quick for { lo $int_if }
It becomes irrelevant; after "set skip," nothing else will be
evaluated for that interface.
'antispoof for lo0' affects every interface other than lo0. From
pf.conf(5):
For example, the line
antispoof for lo0
expands to
block drop in on ! lo0 inet from 127.0.0.1/8 to any
block drop in on ! lo0 inet6 from ::1 to any
