On Fri, Apr 11, 2008 at 9:06 PM, Chris Buechler <[EMAIL PROTECTED]> wrote: > Ermal Luçi wrote: > > > What's wrong with only in rules?! > > > > You can do the same blocking as you would do with out and just save > > your computer from blocking the packet after traversing the whole > > machine! > > > > > > The interface it's blocked on is relatively irrelevant. You can do anything > with only in rules, but in some circumstances, it's *much* easier to use > outbound rules because you can accomplish the same thing with far fewer > rules. One good example is a box with several interfaces where you want to > use a single egress ruleset for Internet traffic without configuring the > same ruleset multiple times. > > But isn't this all a moot argument now? Ermal, doesn't your shaper work > allow in and out filtering in 1.3?
Yes that's for sure it allows you to do such things and i know where those out or generic rules come handy. http://forum.pfsense.org/index.php/topic,2718.180.html 3rd reply in that page or post #182 explains it. Just not advertised it since 'in' rules in this case still do the job. Ermal > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
