Date:      Sun, 26 Jun 2005 00:40:14 +0100
From:      Alex Zbyslaw <xfb52@dial.pipex.com>
To:        Paul Schmehl <pauls@utdallas.edu>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: firewall on FreeBSD
Message-ID:  <42BDEB5E.5030003@dial.pipex.com>
In-Reply-To: <1585990126FE46C02925C321@Paul-Schmehls-Computer.local>
References:  <MIEPLLIBMLEEABPDBIEGMEIMHHAA.fbsd_user@a1poweruser.com>	<200506241731.13651.martin@orbweavers.co.uk>	<08A3A012657D73D10A220154@Paul-Schmehls-Computer.local>	<20050625064224.GB4460@masterpost> <1585990126FE46C02925C321@Paul-Schmehls-Computer.local>

Paul Schmehl wrote:

> --On June 25, 2005 8:42:24 AM +0200 mess-mate <messmate@free.fr> wrote:
>
>>
>> I have a firewall/router/proxy with openbsd and am thinking of replacing it
>> with freebsd 5.4.
>> Do you mean freebsd's PF doesn't support the 'quick' keyword?
>> I thought PF on freebsd and openbsd were identical, aren't they?
>>
> pf on freebsd does support the "quick" keyword.  The "default" 
> firewall, ipfw, does not.

This makes no sense to me.  The two firewalls work very differently.

In pf, each rule is always processed on every packet and the last rule 
matching determines the action.  "quick" terminates the rule matching 
and forces the "quick" rule to be, in effect, the final rule (assuming 
the packet matched it).

ipfw does not match every rule for every packet; rather, it processes 
down the rules until the packet matches one with a terminating action 
such as "accept" or "deny".  No "quick" keyword is needed.

--Alex
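
Added example, not part of the original message: a small Python model of the two evaluation orders described above, showing how the same default-deny policy behaves under last-match (pf) and first-match (ipfw) semantics. The `Rule` class, the port-only matching, the constructed rulesets and the default verdicts (pf passes an unmatched packet, ipfw ends in a deny rule) are assumptions of this sketch.

```python
# Added illustration: simplified model matching on destination port only.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                 # pf: "pass"/"block"; ipfw: "allow"/"deny"/"count"
    port: Optional[int] = None  # None matches any port
    quick: bool = False         # pf only

    def matches(self, port: int) -> bool:
        return self.port is None or self.port == port

def pf_eval(rules, port, default="pass"):
    """pf: the last matching rule decides; a matching 'quick' rule ends evaluation."""
    verdict = default           # assumed: pf passes a packet that no rule matches
    for rule in rules:
        if rule.matches(port):
            verdict = rule.action
            if rule.quick:
                break
    return verdict

def ipfw_eval(rules, port, default="deny"):
    """ipfw: the first matching rule with a terminating action decides."""
    for rule in rules:
        if rule.matches(port) and rule.action in ("allow", "deny"):
            return rule.action  # non-terminating actions such as "count" fall through
    return default              # assumed final default rule: deny

# Constructed rulesets: default-deny with SSH (port 22) permitted.
PF_RULES = [Rule("block"), Rule("pass", 22)]
PF_QUICK = [Rule("block", quick=True), Rule("pass", 22)]
IPFW_SAME_ORDER = [Rule("deny"), Rule("allow", 22)]   # naive line-by-line port
IPFW_REORDERED = [Rule("count"), Rule("allow", 22), Rule("deny")]

if __name__ == "__main__":
    for port in (22, 80):
        print(port, pf_eval(PF_RULES, port), pf_eval(PF_QUICK, port),
              ipfw_eval(IPFW_SAME_ORDER, port), ipfw_eval(IPFW_REORDERED, port))
```

Keeping the pf rule order when moving to ipfw leaves port 22 denied, because the broad deny rule terminates matching before the allow rule is reached; the specific allow has to come first.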
