22nd March 2011
J65nko

Code:
pass in on em0 from 10.1.0.0/24 to any tag CLIENT2U queue client2_dn 
pass out on em0 from { (em0), (carp1) } queue client2_dn
pass out quick on $ext_if tagged CLIENT2U queue client2_up

Can't you use quick on the first two rules? Remember that in pf the last matching rule wins. The only way to prevent this is to use quick.

So if any other rule after this would allow incoming traffic on em0 from 10.1.0.0/24, this traffic would be passed without being assigned to that "client2_up" queue.

BTW I am not an expert
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
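
Added example, not part of the post above and not pf's own code: a small Python model of the last-match / quick evaluation the post describes, applied to the first posted rule plus a hypothetical later rule that passes the same traffic without a queue. The model assumes only interface, direction, source and queue matter; it ignores state and tags, and the `Rule` class, function names and the sample source address are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    direction: str              # "in" or "out"
    iface: str
    src: str                    # CIDR, or "any"
    queue: Optional[str] = None
    quick: bool = False

    def matches(self, direction, iface, src_ip):
        if (self.direction, self.iface) != (direction, iface):
            return False
        if self.src == "any":
            return True
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)


def evaluate(rules, direction, iface, src_ip):
    """Return the deciding rule: the last match, or the first quick match."""
    winner = None
    for rule in rules:
        if rule.matches(direction, iface, src_ip):
            winner = rule
            if rule.quick:      # quick stops evaluation at this rule
                break
    return winner


def inbound_queue(first_rule_quick):
    """Queue chosen for a packet from 10.1.0.5 arriving on em0."""
    rules = [
        # Modelled on: pass in on em0 from 10.1.0.0/24 to any ... queue client2_dn
        Rule("in", "em0", "10.1.0.0/24", queue="client2_dn", quick=first_rule_quick),
        # Hypothetical later rule (not in the posted ruleset): same traffic, no queue
        Rule("in", "em0", "10.1.0.0/24"),
    ]
    winner = evaluate(rules, "in", "em0", "10.1.0.5")  # constructed sample packet
    return winner.queue


if __name__ == "__main__":
    print("first rule without quick ->", inbound_queue(False))
    print("first rule with quick    ->", inbound_queue(True))
```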