On Sun, 14 Jan 2007 17:17:19 -0800 Jesse Peterson <[EMAIL PROTECTED]> wrote:
> I'm having big issues with rules, ordering of rules by interface, and other
> non-intuitive issues which prompt me to ask two questions:
>
> * How can I get to the generated PF rules that the GUI represents?
> * How can I turn off first-rule-matches (quick) behaviour and use the
>   PF-default of last-rule-matches?

So I found the generated PF rules (/tmp/rules.debug) which answers a number of questions. However, I'd still ask the rule-matching behaviour questions as well as a few more questions:

* Is there a way to affect the order in which the interface rules are written? (i.e., have the LAN (or any other) interface rules written to the PF conf file first rather than the WAN [or any other arbitrary ordering])
* Is there a way to have hand-written custom rules? Ideally the location/ordering of said rule would be customizable.
* Is there a way to have a rule that spans multiple interfaces (i.e., LAN, OPT1, OPT2, "any", etc.)? Ordering/location would be important for this.
* Is there a way to have rules based on outgoing packets from an interface? I know you can put a rule on the destination interface, but this is a fair bit of flexibility absent.

Thanks for your time!

- Jesse
