Re: Academic question on pf.conf

On 4/11/05, William Ross <[email protected]> wrote:
> In my rules section, if I have a first rule such that
> block on (external interface) all;
> Would that not make any following rules about
> spoofing and blocking rfc1918 nets redundant?
That would depend on intervening rules.  If you
have any pass rules bearing on rfc1918 nets,
then the subsequent block rules could be useful
to close off subnets.
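
Added example, not part of the original message: a simplified Python model of pf's last-match rule evaluation, showing why RFC 1918 block rules placed after a pass rule are not redundant behind an initial block-all. The `Rule` class, the rulesets and the addresses are constructed for illustration, and every packet is assumed to arrive inbound on the external interface; the `quick` variant goes beyond what the reply mentions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


@dataclass
class Rule:
    action: str                   # "block" or "pass"
    src: Optional[str] = None     # source CIDR, None means "any"
    dport: Optional[int] = None   # destination port, None means "any"
    quick: bool = False           # models pf's "quick" keyword

    def matches(self, src_ip: str, dport: int) -> bool:
        if self.src is not None:
            net = ipaddress.ip_network(self.src)
            if ipaddress.ip_address(src_ip) not in net:
                return False
        return self.dport is None or self.dport == dport


def evaluate(rules, src_ip: str, dport: int) -> str:
    """Walk the ruleset top to bottom; the last matching rule decides,
    unless a matching rule is marked quick, which ends evaluation."""
    verdict = "pass"  # pf passes a packet that matches no rule at all
    for rule in rules:
        if rule.matches(src_ip, dport):
            verdict = rule.action
            if rule.quick:
                break
    return verdict


# Constructed ruleset: block everything first, then allow SSH from any source.
BASE = [Rule("block"), Rule("pass", dport=22)]

# Same ruleset with RFC 1918 blocks placed AFTER the pass rule.
WITH_LATE_BLOCKS = BASE + [Rule("block", src=net) for net in RFC1918]

# Alternative ordering: quick blocks first, so no later pass rule can override.
QUICK_FIRST = [Rule("block", src=net, quick=True) for net in RFC1918] + BASE

if __name__ == "__main__":
    for name, rs in (("BASE", BASE), ("WITH_LATE_BLOCKS", WITH_LATE_BLOCKS),
                     ("QUICK_FIRST", QUICK_FIRST)):
        print(name, "10.1.2.3:22 ->", evaluate(rs, "10.1.2.3", 22),
              "| 203.0.113.7:22 ->", evaluate(rs, "203.0.113.7", 22))
```

With `BASE` alone, the pass rule overrides the initial block for a packet claiming a 10.0.0.0/8 source; the later block rules restore the intended result.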