Hi,
I've a quick question for PF developers:
if PF checks the ruleset every time a packet passes through an interface, this
means that for a classic gateway/bridge/firewall it will evaluate the ruleset
2 times. One going in if1 and one going out if2, right?
So Daniel has created skip-steps that let you jump all (or a lot of) rules
related to other interfaces.
But why don't you separate ruleset files?
pf.conf (all global definitions)
pf.rl0
pf.fxp0
pf.dc0
pf.dc1
pf.tun0
So you'll be sure to evaluate interface related rules only.
What about it?
Ed