firewall on FreeBSD

Paul Schmehl pauls at utdallas.edu
Mon Jun 27 07:02:29 GMT 2005


--On June 26, 2005 12:40:14 AM +0100 Alex Zbyslaw <xfb52 at dial.pipex.com> 
wrote:

> Paul Schmehl wrote:
>
>> --On June 25, 2005 8:42:24 AM +0200 mess-mate <messmate at free.fr> wrote:
>>
>>>
>>> I've a firewall/router/proxy with openbsd and think to replace it
>>> with freebsd 5.4
>>> Do you mean freebsd's PF doesn't support the 'quick' keyword?
>>> Thought PF on freebsd and openbsd was identical, isn't it?
>>>
>> pf on freebsd does support the "quick" keyword.  The "default"
>> firewall, ipfw, does not.
>
> This makes no sense to me.  The two firewalls work very differently.
>
> In pf, each rule is always processed on every packet and the last rule
> matching determines the action.  "quick" terminates the rule matching and
> forces the "quick" rule to be, in effect, the final rule (assuming the
> packet matched it).
>
> ipfw does not match every rule for every packet, rather it processes down
> the rules until the packet matches one with a terminating action such as
> "accept" or "deny".  No "quick" keyword is needed.
>
Precisely.

Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/
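
Added example, not part of the original message and not code from pf or ipfw: a simplified Python model of the two evaluation orders described in this thread, showing that the same rule order yields opposite verdicts. The Rule class, port-only matching and the sample rulesets are constructed for illustration; the no-match defaults are assumptions noted in the comments.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str              # "pass" or "block" (hypothetical labels for this model)
    port: Optional[int]      # destination port to match; None matches any port
    quick: bool = False      # only meaningful to the pf-style evaluator

    def matches(self, dport: int) -> bool:
        return self.port is None or self.port == dport


def pf_verdict(rules, dport, default="pass"):
    """pf style: the last matching rule wins; a matching 'quick' rule stops evaluation."""
    verdict = default  # assumption: pf passes a packet that matches no rule
    for rule in rules:
        if rule.matches(dport):
            verdict = rule.action
            if rule.quick:
                break
    return verdict


def ipfw_verdict(rules, dport, default="block"):
    """ipfw style: the first matching rule with a terminating action decides."""
    for rule in rules:
        if rule.matches(dport):
            return rule.action
    return default  # assumption: stock ipfw ends with a deny-all default rule


# Constructed rulesets: the same two rules in both orders, plus a 'quick' variant.
ALLOW_THEN_DENY = [Rule("pass", 22), Rule("block", None)]
DENY_THEN_ALLOW = [Rule("block", None), Rule("pass", 22)]
ALLOW_QUICK_THEN_DENY = [Rule("pass", 22, quick=True), Rule("block", None)]


def compare(rules, dport):
    """Return (pf verdict, ipfw verdict) for one packet to the given port."""
    return pf_verdict(rules, dport), ipfw_verdict(rules, dport)


if __name__ == "__main__":
    for name, rules in [("allow-then-deny", ALLOW_THEN_DENY),
                        ("deny-then-allow", DENY_THEN_ALLOW),
                        ("allow-quick-then-deny", ALLOW_QUICK_THEN_DENY)]:
        print(name, "port 22 ->", compare(rules, 22))
```

The model ignores non-terminating ipfw actions such as count and everything other than the destination port, so it illustrates rule ordering only.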

