9th July 2009
zelut
Port Guard
Join Date: Oct 2008
Posts: 11
first match vs last match ruleset design (pf vs iptables)

I'm just starting my research into pf, but I have quite a bit of experience with Linux iptables. With iptables the ruleset is a first-match design. Upon finding a packet that matches a rule the list is exited and the packet is acted upon. From my reading with pf it appears to be the opposite.

I'm wondering if anyone can explain the idea behind this--it seems backwards to me. Or has anyone else gone through the transition between one design and the other and has any advice on how to change my way of thinking?
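The two evaluation models the post contrasts, as an added illustration that is not part of the original thread: a toy evaluator that runs the same constructed ruleset (a broad block followed by specific pass rules, the usual pf idiom) under first-match semantics and under pf's last-match semantics, including pf's `quick` keyword, which ends evaluation at that rule. Rule and packet structures are simplified stand-ins, not real pf.conf or iptables syntax.

```python
# Toy evaluator for first-match (iptables-style) vs last-match (pf-style)
# rule processing. Rules and packets below are constructed sample data.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "pass" or "block"
    proto: Optional[str]  # None matches any protocol
    dport: Optional[int]  # None matches any destination port
    quick: bool = False   # pf only: stop evaluating once this rule matches

def matches(rule, pkt):
    return ((rule.proto is None or rule.proto == pkt["proto"]) and
            (rule.dport is None or rule.dport == pkt["dport"]))

def first_match(rules, pkt, default="pass"):
    """iptables-style: the first matching rule decides; otherwise the chain policy."""
    for r in rules:
        if matches(r, pkt):
            return r.action
    return default

def last_match(rules, pkt, default="pass"):
    """pf-style: the last matching rule wins, unless a matching rule is 'quick'."""
    decision = default
    for r in rules:
        if matches(r, pkt):
            decision = r.action
            if r.quick:
                break
    return decision

# Constructed ruleset written the way a pf user would: deny everything first,
# then open specific services afterwards so the later pass rules win.
RULES = [
    Rule("block", None, None),
    Rule("pass", "tcp", 22),
    Rule("pass", "tcp", 80),
]
SSH = {"proto": "tcp", "dport": 22}
SMTP = {"proto": "tcp", "dport": 25}

def demo():
    return {
        "pf_ssh": last_match(RULES, SSH),          # later pass overrides the block
        "iptables_ssh": first_match(RULES, SSH),   # first rule (block) ends evaluation
        "pf_smtp": last_match(RULES, SMTP),        # nothing later matches: block stands
        "iptables_smtp": first_match(RULES, SMTP),
        # quick makes pf behave like first-match for that rule
        "pf_quick": last_match([Rule("block", "tcp", 25, quick=True),
                                Rule("pass", "tcp", 25)], SMTP),
    }
```

The same rule order yields different decisions for SSH under the two models, which is the "backwards" feeling the post describes; in pf, ordering rules from general to specific (or using `quick`) is how one thinks about it.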
