--On June 26, 2005 12:40:14 AM +0100 Alex Zbyslaw <[EMAIL PROTECTED]>
wrote:
Paul Schmehl wrote:
--On June 25, 2005 8:42:24 AM +0200 mess-mate <[EMAIL PROTECTED]> wrote:
I've a firewall/router/proxy with openbsd and think to replace it
with freebsd 5.4
Do you mean freebsd's PF don't support the 'quick' keyword ??
Thought PF on freebsd and openbsd was identical, isn't ?
pf on freebsd does support the "quick" keyword. The "default"
firewall, ipfw, does not.
This makes no sense to me. The two firewalls work very differently.
In pf, each rule is always processed on every packet and the last rule
matching determines the action. "quick" terminates the rule matching and
forces the "quick" rule to be, in effect, the final rule (assuming the
packet matched it).
ipfw does not match every rule for every packet, rather is processes down
the rules until the packet matches one with a terminating action such as
"accept" or "deny". No "quick" keyword is needed.
Precisely.
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
