[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
I've read all the pf documentation i've found, but I still have a little
If i put the rule "block in $ext_if all" at the top of my ruleset,
"block return-rst in on $ext_if proto tcp all" is not necessary,
AFAIK the first rules do the same thing of the second one, it just don't
send a reply to the host sending the tcp packets, so what's the
advantage of having the second rules after the first one? (as suggested
in pf.con manual page)
btw I read that return-rst caused a kernel panic in some situations, has
this been fixed in -stable or it's still safer not to use it?
"Better true to yourself
Than a perfect shadow
Of somebody else
An empty shell"
(MrBig, My new religion)