You can implement this using anchors.
On Wed, 5 Feb 2003, Ed White wrote: > I've a quick question for PF developers: > > if PF checks ruleset everytime a packet pass through an interface this means > that for a classic gateway/bridge/firewall it will evaluate 2 times the > ruleset. One going in if1 and going out if 2, right ? > > So Daniel have created skip-steps that let you jump all (or a lot of) rules > related to other interfaces. > > But why don't you separate ruleset files ? > > pf.conf (all global definitions) > pf.rl0 > pf.fxp0 > pf.dc0 > pf.dc1 > pf.tun0 > > So you'll be sure to evaluate interface related rules only. > > What about ?
