Browse Source

replace the "pass quick" example line for loopback and the inner interface

with a set skip statement to the same effect, performs way better
suggested by Stuart Henderson <stu@spacehopper.org>, theo ok
OPENBSD_3_8
henning 19 years ago
parent
commit
ef67ad380f
1 changed files with 3 additions and 2 deletions
  1. +3
    -2
      src/etc/pf.conf

+ 3
- 2
src/etc/pf.conf View File

@ -1,4 +1,4 @@
# $OpenBSD: pf.conf,v 1.28 2004/04/29 21:03:09 frantzen Exp $
# $OpenBSD: pf.conf,v 1.29 2005/08/23 02:52:58 henning Exp $
# #
# See pf.conf(5) and /usr/share/pf for syntax and examples. # See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
@ -10,6 +10,8 @@
#table <spamd> persist #table <spamd> persist
#table <spamd-white> persist #table <spamd-white> persist
#set skip on { lo $int_if }
#scrub in #scrub in
#nat on $ext_if from !($ext_if) -> ($ext_if:0) #nat on $ext_if from !($ext_if) -> ($ext_if:0)
@ -22,7 +24,6 @@
#block in #block in
#pass out keep state #pass out keep state
#pass quick on { lo $int_if }
#antispoof quick for { lo $int_if } #antispoof quick for { lo $int_if }
#pass in on $ext_if proto tcp to ($ext_if) port ssh keep state #pass in on $ext_if proto tcp to ($ext_if) port ssh keep state


Loading…
Cancel
Save