Date: Sat, 25 Jun 2005 22:54:07 -0500
From: Paul Schmehl <pauls@utdallas.edu>
To: freebsd-questions@freebsd.org
Subject: Re: firewall on FreeBSD
Message-ID: <1A484E171DDCF9999E427CBD@Paul-Schmehls-Computer.local>
In-Reply-To: <42BDEB5E.5030003@dial.pipex.com>
References: <MIEPLLIBMLEEABPDBIEGMEIMHHAA.fbsd_user@a1poweruser.com> <200506241731.13651.martin@orbweavers.co.uk> <08A3A012657D73D10A220154@Paul-Schmehls-Computer.local> <20050625064224.GB4460@masterpost> <1585990126FE46C02925C321@Paul-Schmehls-Computer.local> <42BDEB5E.5030003@dial.pipex.com>

--On June 26, 2005 12:40:14 AM +0100 Alex Zbyslaw <xfb52@dial.pipex.com> wrote:

> Paul Schmehl wrote:
>
>> --On June 25, 2005 8:42:24 AM +0200 mess-mate <messmate@free.fr> wrote:
>>
>>>
>>> I've a firewall/router/proxy with openbsd and think to replace it
>>> with freebsd 5.4
>>> Do you mean freebsd's PF don't support the 'quick' keyword ??
>>> Thought PF on freebsd and openbsd was identical, isn't ?
>>>
>> pf on freebsd does support the "quick" keyword. The "default"
>> firewall, ipfw, does not.
>
> This makes no sense to me. The two firewalls work very differently.
>
> In pf, each rule is always processed on every packet and the last rule
> matching determines the action. "quick" terminates the rule matching and
> forces the "quick" rule to be, in effect, the final rule (assuming the
> packet matched it).
>
> ipfw does not match every rule for every packet, rather it processes down
> the rules until the packet matches one with a terminating action such as
> "accept" or "deny". No "quick" keyword is needed.
>
Precisely.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/
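
The two evaluation models described in the message above, as an added example that is not part of the original thread. It is a simplified Python model: the `Packet` and `Rule` types, the function names and the sample rules are constructed for illustration, only terminating pass/block actions are modeled, and the defaults assume pf's implicit pass and ipfw's default-deny final rule.

```python
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class Packet:
    proto: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block" (ipfw calls these allow/deny)
    proto: Optional[str] = None      # None matches any protocol
    dst_port: Optional[int] = None   # None matches any port
    quick: bool = False              # only consulted by the pf-style evaluator

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in (None, pkt.proto)
                and self.dst_port in (None, pkt.dst_port))


def pf_style(rules: Sequence[Rule], pkt: Packet, default: str = "pass") -> str:
    """Every rule is evaluated; the last match wins unless a 'quick' rule matches."""
    verdict = default
    for rule in rules:
        if rule.matches(pkt):
            verdict = rule.action
            if rule.quick:           # 'quick' makes this rule the final one
                break
    return verdict


def ipfw_style(rules: Sequence[Rule], pkt: Packet, default: str = "block") -> str:
    """Rules are walked in order; the first terminating match decides."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed sample: a broad block followed by a specific pass for SSH.
SSH = Packet("tcp", 22)
RULES = [Rule("block"), Rule("pass", "tcp", 22)]
QUICK_RULES = [Rule("block", quick=True), Rule("pass", "tcp", 22)]

if __name__ == "__main__":
    print("pf, last match wins:  ", pf_style(RULES, SSH))
    print("ipfw, first match wins:", ipfw_style(RULES, SSH))
    print("pf with 'block quick': ", pf_style(QUICK_RULES, SSH))
```

The same ordered list permits SSH under last-match evaluation and drops it under first-match evaluation, which is why a ruleset cannot be carried between the two firewalls without reordering.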