summaryrefslogtreecommitdiff
path: root/etc
diff options
context:
space:
mode:
authorHenning Brauer <henning@cvs.openbsd.org>2005-08-23 02:52:59 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2005-08-23 02:52:59 +0000
commit5a7aa9234b28183dabb5b13d7c1a1ffe0977ae0a (patch)
tree69ff9ef37dfc3816bb6e3a80d80059d275ba1f86 /etc
parentc77606d80688db3703b4da413c400b13c2b52c73 (diff)
replace the "pass quick" example line for loopback and the inner interface
with a set skip statement to the same effect, performs way better suggested by Stuart Henderson <stu@spacehopper.org>, theo ok
Diffstat (limited to 'etc')
-rw-r--r--etc/pf.conf5
1 files changed, 3 insertions, 2 deletions
diff --git a/etc/pf.conf b/etc/pf.conf
index 7a0a3708a2c..9fc7bb755aa 100644
--- a/etc/pf.conf
+++ b/etc/pf.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: pf.conf,v 1.28 2004/04/29 21:03:09 frantzen Exp $
+# $OpenBSD: pf.conf,v 1.29 2005/08/23 02:52:58 henning Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
@@ -10,6 +10,8 @@
#table <spamd> persist
#table <spamd-white> persist
+#set skip on { lo $int_if }
+
#scrub in
#nat on $ext_if from !($ext_if) -> ($ext_if:0)
@@ -22,7 +24,6 @@
#block in
#pass out keep state
-#pass quick on { lo $int_if }
#antispoof quick for { lo $int_if }
#pass in on $ext_if proto tcp to ($ext_if) port ssh keep state