[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: motivation behind the quick

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: motivation behind the quick
From: Ben Goren <ben_(_at_)_trumpetpower_(_dot_)_com>
Date: Thu, 15 May 2003 10:53:11 -0700

On Thu, May 15, 2003 at 06:42:48PM +0100, Dom De Vitto wrote:

> - block unless specifically permitted
> - permit unless specifically blocked

Hear, hear. You can have a  default deny without quick, of course,
but there  are times when it's  simpler and easier (for  the human
being,  and pf  is so  fast I  don't give  a damn  about what  the
computer thinks) to construct a good ruleset with quick.

But that's  why it's  an *option.* Some  people like  first match;
others like last-match; still more  like both. Choice is good. use
what fits you best.

Cheers,

b&

--
Ben Goren
 mailto:ben_(_at_)_trumpetpower_(_dot_)_com
 http://www.trumpetpower.com/
 icbm:33o25'37"N_111o57'32"W

[demime 0.98d removed an attachment of type application/pgp-signature]

Prev by Date: Re: NTP considered basic
Next by Date: Re: customs paranoia
Previous by thread: Re: motivation behind the quick
Next by thread: Re: motivation behind the quick
Index(es):
- Date
- Thread

Visit your host, monkey.org