Topic: Rule evaluation order of non-quick rules in the Floating Rules section
user-0209, on: January 25, 2023, 11:44:41 pm
I was trying to put a rule for catching all out-of-state packets so that the Default Deny rule really and only lists/blocks illegitimate traffic. I put that rule also into the floating section right above the Default Deny rule. After some testing I get the impression that the non-quick rules get evaluated in reverse order (compared to how they appear in the list). Hence, if I place the Out-Of-State rule BEHIND the Default Deny rule, the Out-of-State will be sorted out and Default Deny is left for just the illegitimate traffic.
Can somebody confirm this is by design? Thanks.
And: thanks for this great piece of software!
Fright, Reply #1 on: January 26, 2023, 08:00:39 am
Quote
non-quick rules get evaluated in reverse order (compared to how they appear in the list)
(If I understand this sentence right) that's how pf works: for non-quick rules the last matching rule wins.
Or, to put it another way: in pf the last matching rule wins, and setting the 'quick' option makes the matched rule last.
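Added example (not part of the thread, and not OPNsense or pf code): a small Python model of the evaluation order described in the reply above, showing which rule decides a packet when the out-of-state rule sits above or below a non-quick Default Deny. The rule labels, the packet dictionaries and the way "out of state" is modelled are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable


@dataclass
class Rule:
    label: str
    action: str                      # "pass" or "block"
    match: Callable[[dict], bool]    # predicate over a packet dict
    quick: bool = False


def evaluate(rules, packet):
    """Return (action, label) the way pf picks a rule for a packet with no state entry."""
    verdict = ("pass", "implicit default")    # pf passes when no rule matches
    for rule in rules:
        if not rule.match(packet):
            continue
        verdict = (rule.action, rule.label)   # a later match overrides an earlier one
        if rule.quick:
            break                             # 'quick' stops evaluation at this match
    return verdict


# Constructed packets: a stray TCP ACK with no state entry, and a new UDP packet.
STRAY_ACK = {"proto": "tcp", "flags": {"A"}}
NEW_UDP = {"proto": "udp", "flags": set()}


def out_of_state(pkt):
    # Assumption: "out of state" is modelled as TCP that is not an initial SYN.
    return pkt["proto"] == "tcp" and pkt["flags"] != {"S"}


def ruleset(oos_first, oos_quick=False):
    """Build the two-rule list with the out-of-state rule above or below Default Deny."""
    oos = Rule("out-of-state", "block", out_of_state, quick=oos_quick)
    deny = Rule("default deny", "block", lambda pkt: True)   # assumed non-quick
    return [oos, deny] if oos_first else [deny, oos]


if __name__ == "__main__":
    for name, rules in [("above, non-quick", ruleset(True)),
                        ("below, non-quick", ruleset(False)),
                        ("above, quick", ruleset(True, oos_quick=True))]:
        print(name, evaluate(rules, STRAY_ACK), evaluate(rules, NEW_UDP))
```

With both rules non-quick, the out-of-state rule only decides the stray ACK when it is listed below Default Deny; listed above, it needs `quick` to have the final say.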