2nd December 2017
jggimi (More noise than signal)
Join Date: May 2008
Location: USA
Posts: 6,011

No. Instead, I'm happy to do some minimal teaching.

Question 1: What percentage of packets will be blocked by this 2-line PF configuration?
Code:
block
pass
Question 2: What percentage of packets will be blocked by this 2-line PF configuration?
Code:
pass
block
Question 3: Are your answers for Questions 1 and 2 the same, or are they different? Why?

Question 4: Both UDP and TCP connections use port numbers. In a single connection between two IP addresses, how many port numbers are involved? Why?

Question 5: How does a PF pass rule with the default keep state option treat the establishment of state? How is it different between TCP and stateless protocols like UDP?

---- Answers (hidden as white text on white background below) ---
1. 0%.
2. 100%.
3. Different. The last matching rule wins.
4. Two. There is a sending port number, and a receiving port number.
5. When a pass rule is matched that establishes state, the state is added to PF's state table and no rules are tested for any follow-on packets while the state remains established. TCP session teardown ends the state. Stateless protocols use timers to maintain a temporary state table entry.
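An added example (not code from the post or from PF itself): a toy Python model of the two behaviours the quiz is about, "last matching rule wins" and the state-table bypass that a default keep-state pass rule creates. The Packet and Rule shapes, the flow-key layout and the teardown() call are simplifications assumed for the demonstration; real pf.conf syntax and the kernel's state handling are richer.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str    # "tcp" or "udp"
    src: str
    sport: int    # sending port
    dst: str
    dport: int    # receiving port

@dataclass
class Rule:
    action: str            # "pass" or "block"
    proto: str = "any"     # "any", "tcp" or "udp"
    dport: int = 0         # 0 matches any destination port
    quick: bool = False    # PF's "quick": stop evaluating at this rule

    def matches(self, p: Packet) -> bool:
        return self.proto in ("any", p.proto) and self.dport in (0, p.dport)

class PF:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()        # stands in for PF's state table
        self.rules_evaluated = 0   # how many times any rule was tested

    @staticmethod
    def keys(p: Packet):
        return ((p.proto, p.src, p.sport, p.dst, p.dport),
                (p.proto, p.dst, p.dport, p.src, p.sport))  # reply direction

    def filter(self, p: Packet) -> str:
        fwd, rev = self.keys(p)
        if fwd in self.states:      # state hit: no rules are tested at all
            return "pass"
        last = None                 # last rule that matched, if any
        for r in self.rules:
            self.rules_evaluated += 1
            if r.matches(p):
                last = r            # a later match overrides an earlier one
                if r.quick:
                    break
        decision = "pass" if last is None else last.action  # no match: PF passes
        if last is not None and decision == "pass":         # only pass rules create state
            self.states.update((fwd, rev))
        return decision

    def teardown(self, p: Packet):
        """TCP session close (or a UDP state timer expiring) removes the state."""
        self.states.difference_update(self.keys(p))
```

With `[block, pass]` every packet passes and with `[pass, block]` every packet is blocked, while a reply to a flow that a pass rule admitted is passed by the state entry without any rule being consulted, even though the block rule would otherwise match it.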