Block and Pass normally work via "last matching rule wins". If all of your pass rules are for other protocols, then a block for ICMP may go anywhere.
If you add the "quick" parameter to a rule, if the rule matches, PF stops testing the packet and performs the block or the pass immediately.
Blocking ICMP can block proper use of TCP/IP, and cause some applications to fail.
|