On 2004-01-10 01:16 +0000, Daniel Hartmeier wrote:
> On Fri, Jan 09, 2004 at 06:54:20PM -0500, Munish Chopra wrote:
>
> > 'from any to any' is apparently not being inferred in this little
> > snippet:
> >
> > http://www.soulwax.net/stuff/pf/pf-rule
>
> You can only use 'port domain' when you specify either from or to (or
> both), otherwise it's not clear whether source or destination port
> must be domain (and you can't express 'either source or destination
> port equals domain', you need two rules for that). So
>
> 'pass from port domain', 'pass from any port domain',
> 'pass from port domain to any', 'pass from any port domain to any'
>
> are all valid and equivalent, but
>
> 'pass port domain'
>
> is invalid, and that's what you have.
>

Ahh, of course. Thanks, that makes perfect sense.

> > On a different note, it was mentioned on IRC that keeping state
> > while using ALTQ is likely a bad idea. Could someone please point to
> > a discussion about this in the archives somewhere, or elaborate
> > personally?
>
> I don't know what that person was referring to, you should have asked
> him/her. There's nothing wrong with doing queuing and stateful
> filtering at the same time.

That's what I thought. I'll see if I can catch that person online again
and figure out what that was all about.

Thanks for your help!

--
Munish Chopra
