Date: Fri, 16 Feb 2001 08:54:56 -0500
From: "Ben" <ben@cahostnet.com>
To: "Chris Hill" <chris@monochrome.org>, "Wayne Pascoe" <wayne.pascoe@realtime.co.uk>
Cc: "FreeBSD Questions List" <freebsd-questions@FreeBSD.ORG>
Subject: Re: ipfw reading rules from a file
Message-ID: <003801c09820$0d8e0300$6102a00a@nhqadmin17>
References: <Pine.BSF.3.96.1010216081216.21384B-100000@localhost>

That is correct, the rules are checked line by line. The order in which you
load the firewall rules is important because that's how it checks the rules.
You should always put the most used rules first b/c this will speed up the
requests.

Hope that helps.

Ben

----- Original Message -----
From: "Chris Hill" <chris@monochrome.org>
To: "Wayne Pascoe" <wayne.pascoe@realtime.co.uk>
Cc: "FreeBSD Questions List" <freebsd-questions@FreeBSD.ORG>
Sent: Friday, February 16, 2001 8:17 AM
Subject: Re: ipfw reading rules from a file

> On Fri, 16 Feb 2001, Francesco Casadei wrote:
>
> > On Fri, Feb 16, 2001 at 10:13:42AM +0000, Wayne Pascoe wrote:
> > [big snip]
> >
> > > Lastly, does ipfw work on a first match wins basis (like iptables /
> > > ipchains) or does it work on a last match wins basis (like ipf) ?
>
> I believe the first match wins - once a rule matches, no further rules
> are processed for that packet.
>
> --
> Chris Hill chris@monochrome.org
> ** [ Busy expunging <-> ]
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
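
The first-match behaviour discussed in this thread, as an added example that is not part of the original messages and is not ipfw's own code. It is a simplified model: rules are walked in ascending rule number, only terminating allow/deny actions are modelled, a default-deny final rule is assumed, and the rule sets and packet mix are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    number: int                      # rule number; lower numbers are checked first
    action: str                      # "allow" or "deny" (terminating actions only)
    proto: str                       # "tcp", "udp", or "ip" meaning any protocol
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, pkt):
        return (self.proto in ("ip", pkt["proto"])
                and self.dst_port in (None, pkt["dst_port"]))

def evaluate(rules, pkt):
    """Return (action, rule number, rules examined) for the first matching rule."""
    for examined, rule in enumerate(sorted(rules, key=lambda r: r.number), 1):
        if rule.matches(pkt):
            return rule.action, rule.number, examined
    # Assumption: nothing matched, so a final default-deny rule decides.
    return "deny", 65535, len(rules) + 1

# Constructed traffic mix: 90 web packets, 9 ssh packets, 1 stray udp packet.
PACKETS = ([{"proto": "tcp", "dst_port": 80}] * 90
           + [{"proto": "tcp", "dst_port": 22}] * 9
           + [{"proto": "udp", "dst_port": 161}])

def total_examined(rules, packets=PACKETS):
    """Total rule comparisons needed to classify every packet."""
    return sum(evaluate(rules, p)[2] for p in packets)

# Same three rules, rarely hit rule first versus most-used rule first.
RARE_FIRST = [Rule(100, "allow", "tcp", 22), Rule(200, "allow", "tcp", 80),
              Rule(300, "deny", "ip")]
BUSY_FIRST = [Rule(100, "allow", "tcp", 80), Rule(200, "allow", "tcp", 22),
              Rule(300, "deny", "ip")]
# A broad deny placed ahead of a specific allow: the allow is never reached.
SHADOWED = [Rule(100, "deny", "ip"), Rule(200, "allow", "tcp", 22)]

if __name__ == "__main__":
    ssh = {"proto": "tcp", "dst_port": 22}
    print("ssh, BUSY_FIRST:", evaluate(BUSY_FIRST, ssh))
    print("ssh, SHADOWED:  ", evaluate(SHADOWED, ssh))
    print("comparisons, RARE_FIRST:", total_examined(RARE_FIRST))
    print("comparisons, BUSY_FIRST:", total_examined(BUSY_FIRST))
```

Both orderings of the three rules give every packet the same verdict, so moving the busiest rule up only saves comparisons; the SHADOWED set shows the case where reordering changes the verdict itself.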