after ruleset eval is done, we must apply actions from the last matching - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	henning <henning@openbsd.org>	2010-09-21 10:43:41 +0000
committer	henning <henning@openbsd.org>	2010-09-21 10:43:41 +0000
commit	d727e3d2f6c50ed1cb279a78d86b9a8dd00b3931 (patch)
tree	4590080c75d3f9b546ab76b1985d12f71d3ae0cc /usr.sbin/tcpdump/print-pflog.c
parent	Warn if schema file can't be opened. (diff)
download	wireguard-openbsd-d727e3d2f6c50ed1cb279a78d86b9a8dd00b3931.tar.xz wireguard-openbsd-d727e3d2f6c50ed1cb279a78d86b9a8dd00b3931.zip

after ruleset eval is done, we must apply actions from the last matching

pass or block rule, not the last matching rule. triggered by pr6401. this means that, for example, a rdr-to on a pass rule can override an rdr-to on a match rule that comes later in the ruleset. but that's the semantics: for block and pass rules, the last matching one wins, aka actions are applied after we're done with ruleset eval, and match rules' actions are applied on the fly. discussion with dlg and claudio, ok dlg ryan

Diffstat (limited to 'usr.sbin/tcpdump/print-pflog.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: