Quote:
Originally Posted by J65nko
Question
Would the second example still work if the order of the rules is reversed?
Code:
# block but don't log some log polluters
block log all
block quick inet proto udp from any to port {netbios-ns, netbios-dgm }
block quick inet proto udp from any to port { bootps,bootpc }
Yes, it would, as the evaluation will select the last rule that exactly matches. In this case, if the packets were not those mentioned in the block quick statements, then the block log all would match.
It evaluates from top to bottom but still uses the rule that matches exactly unless the block quick is used, which says stop evaluating if it matches.
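
The evaluation order discussed above, modeled as an added example that is not part of the original posts: a small Python simulation of pf's last-match-wins filtering with `quick`, run over both rule orders and over a variant without `quick`. The `Rule` class and helper names are hypothetical, and matching is reduced to protocol and destination port.

```python
# Simplified model of pf filter evaluation (an illustration, not pf itself):
# rules are read top to bottom, the last matching rule decides, and a
# matching rule marked "quick" ends evaluation immediately.
from dataclasses import dataclass
from typing import Optional

# netbios-ns, netbios-dgm, bootps, bootpc as port numbers
NOISY_UDP = frozenset({137, 138, 67, 68})

@dataclass(frozen=True)
class Rule:
    text: str
    log: bool = False
    quick: bool = False
    proto: Optional[str] = None       # None matches any protocol
    dports: frozenset = frozenset()   # empty set matches any port

    def matches(self, proto, dport):
        if self.proto is not None and self.proto != proto:
            return False
        return not self.dports or dport in self.dports

LOG_ALL = Rule("block log all", log=True)
NOISE_QUICK = Rule("block quick inet proto udp ... port {noisy}",
                   quick=True, proto="udp", dports=NOISY_UDP)
NOISE_PLAIN = Rule("block inet proto udp ... port {noisy}",
                   proto="udp", dports=NOISY_UDP)

def evaluate(ruleset, proto, dport):
    """Return the rule that decides the packet, or None if nothing matched."""
    decided = None
    for rule in ruleset:
        if rule.matches(proto, dport):
            decided = rule
            if rule.quick:
                break                 # quick: stop at this rule
    return decided

def is_logged(ruleset, proto, dport):
    rule = evaluate(ruleset, proto, dport)
    return bool(rule and rule.log)

if __name__ == "__main__":
    # Constructed sample packets: (protocol, destination port)
    packets = [("udp", 137), ("udp", 68), ("udp", 53), ("tcp", 22)]
    for name, rs in (("log-all first", [LOG_ALL, NOISE_QUICK]),
                     ("quick first", [NOISE_QUICK, LOG_ALL]),
                     ("no quick, noise first", [NOISE_PLAIN, LOG_ALL])):
        for proto, dport in packets:
            state = "logged" if is_logged(rs, proto, dport) else "silent"
            print(f"{name:22} {proto}/{dport:<4} {state}")
```

With `quick` on the noise rules both orders give the same result; in the third ruleset, without `quick`, `block log all` is the last match and the noisy packets are logged again.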