Date:      Sat, 5 Jan 2002 02:47:13 +0200 (EET)
From:      Bernie <Bernie_X@myrealbox.com>
To:        freebsd-questions@FreeBSD.ORG
Subject:   ipfw rules ordering  --  newcomer
Message-ID:  <20020105023423.V1201-100000@BLAST>


hello,

I've just set up ipfw on my machine and have a question on ordering
the rules:

I understood that rule order matters in the operation of a firewall
and that the first rule that matches stops the search, etc.

But what about the order of the things you want to allow? Is it better to
have some ordering for speed, for example?

On my machine, which is used for connecting to the internet (no LAN), I've got
the order as follows:

1. route all through tun0
2. DNS reply allow (*only* reply)
3. all outgoing tcp + udp allow (tcp first setup then establish)
4. allow icmp -- echo-request(8) + echo-reply(0) + traceroute(11)
5. deny + log all others

Do you think the above is good ordering?

thanks a lot for your help


regards,

Bernie

