> But 'fxp0' does NOT allow any new 'outbound' connections except from the
> 'int_net'. Would that mean that DNS packets are not allowed outside the
> firewall and the above rule was written in vain?? I am missing
> something here..

The firewall can be the nameserver too. If the firewall is in $int_nets, it's authorized for outbound to the Web.

But the goal of this example is to illustrate queueing. NAT is missing too.

"Note that only the pf.conf directives that apply directly to the above policy are present; nat, rdr, options, etc., are not shown." (sic) :-)

--
Alexandre Anriot
[EMAIL PROTECTED]
