On Wed, Feb 12, 2003 at 01:16:59PM -0800, Bryan Irvine wrote:

> It says in the FAQ that the first 2 implicit rules are
> pass in all
> pass out all

This means that if a packet doesn't match ANY of your rules, it will get
passed. If it matches one or more of your rules, this is irrelevant, and
the matching rules decide. So you don't have to put those two pass rules
into your ruleset at all; it's meant as an illustration of the default
pass.

> but I want to by default block everything.
> My understanding is that pf won't even receive the requests if I remove
> those 2 rules.

Just start your ruleset with

  block in all
  block out all

Since these two rules will match all packets, the implicit default
mentioned above becomes irrelevant. Then add your selective pass rules
below that, and you have a policy that blocks everything by default
unless it's explicitly passed by a rule.

Daniel
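
An added example, not part of the original message and not pf's own code: a simplified Python model of the last-matching-rule evaluation described in the reply, showing the implicit default pass and how leading block rules make it irrelevant. The Rule class, packet fields, rulesets and packets are constructed for illustration; pf's "quick" keyword, state tracking and address matching are not modeled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "block"
    direction: str                # "in" or "out"
    proto: Optional[str] = None   # None matches any protocol
    port: Optional[int] = None    # None matches any destination port

    def matches(self, pkt):
        return (self.direction == pkt["dir"]
                and self.proto in (None, pkt["proto"])
                and self.port in (None, pkt["port"]))

def evaluate(ruleset, pkt):
    """Return (verdict, deciding_rule); deciding_rule is None if nothing matched."""
    verdict, decided_by = "pass", None     # implicit default: pass
    for rule in ruleset:                   # all rules are checked; the last match wins
        if rule.matches(pkt):
            verdict, decided_by = rule.action, rule
    return verdict, decided_by

def falls_through(ruleset, packets):
    """Names of packets that no rule matched, i.e. passed by the implicit default."""
    return [name for name, pkt in packets.items()
            if evaluate(ruleset, pkt)[1] is None]

# Constructed ruleset with only a selective pass rule (implicit default still applies).
PASS_ONLY = [Rule("pass", "in", "tcp", 22)]

# Constructed ruleset following the advice: block everything first, then pass selectively.
DEFAULT_DENY = [
    Rule("block", "in"),
    Rule("block", "out"),
    Rule("pass", "in", "tcp", 22),
    Rule("pass", "out", "udp", 53),
]

# Constructed sample packets.
PACKETS = {
    "ssh_in":    {"dir": "in",  "proto": "tcp", "port": 22},
    "telnet_in": {"dir": "in",  "proto": "tcp", "port": 23},
    "dns_out":   {"dir": "out", "proto": "udp", "port": 53},
    "smtp_out":  {"dir": "out", "proto": "tcp", "port": 25},
}

if __name__ == "__main__":
    for label, rs in (("pass-only", PASS_ONLY), ("default-deny", DEFAULT_DENY)):
        verdicts = {n: evaluate(rs, p)[0] for n, p in PACKETS.items()}
        print(label, verdicts, "unmatched:", falls_through(rs, PACKETS))
```

Any packet name reported by falls_through() is traffic the ruleset never decided on; with the two block rules at the top that list is always empty.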
