On Fri, Jan 09, 2004 at 06:54:20PM -0500, Munish Chopra wrote:

> 'from any to any' is apparently not being inferred in this little
> snippet:
>
> http://www.soulwax.net/stuff/pf/pf-rule

You can only use 'port domain' when you specify either from or to (or both), otherwise it's not clear whether source or destination port must be domain (and you can't express 'either source or destination port equals domain', you need two rules for that).

So 'pass from port domain', 'pass from any port domain', 'pass from port domain to any', 'pass from any port domain to any' are all valid and equivalent, but 'pass port domain' is invalid, and that's what you have.

> On a different note, it was mentioned on IRC that keeping state while
> using ALTQ is likely a bad idea. Could someone please point to a
> discussion about this in the archives somewhere, or elaborate
> personally?

I don't know what that person was referring to, you should have asked him/her. There's nothing wrong with doing queuing and stateful filtering at the same time.

Daniel
