FreeBSD Security: Securing FreeBSD.
first match vs last match ruleset design (pf vs iptables)
I'm just starting my research into pf, but I have quite a bit of experience with Linux iptables. With iptables the ruleset is a first-match design. Upon finding a packet that matches a rule the list is exited and the packet is acted upon. From my reading with pf it appears to be the opposite.
I'm wondering if anyone can explain the idea behind this--it seems backwards to me. Or has anyone else gone through the transition between one design and the other and has any advice on how to change my way of thinking?
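The two evaluation orders the post contrasts, as an added example that is not part of the original post: a simplified Python model that runs the same packets through a first-match evaluator (iptables-style terminating targets) and a last-match evaluator (pf-style, including pf's `quick` keyword, which stops evaluation on a match). The `Rule` class, the rulesets and the documentation-range addresses are constructed for illustration, and falling through to "pass" when nothing matches is modelled as the default in both evaluators.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:                       # hypothetical model, not pf or iptables syntax
    action: str                   # "pass" or "block"
    src: str = "0.0.0.0/0"        # source network the rule applies to
    port: Optional[int] = None    # destination port, None means any
    quick: bool = False           # pf only: a match ends evaluation here

    def matches(self, src: str, port: int) -> bool:
        return ip_address(src) in ip_network(self.src) and self.port in (None, port)

def first_match(rules, src, port, policy="pass"):
    """iptables-style: the first matching rule decides; else the chain policy."""
    for r in rules:
        if r.matches(src, port):
            return r.action
    return policy

def last_match(rules, src, port, default="pass"):
    """pf-style: every rule is checked and the last match wins, unless a
    matching rule is marked quick, which ends evaluation immediately."""
    verdict = default
    for r in rules:
        if r.matches(src, port):
            verdict = r.action
            if r.quick:
                break
    return verdict

BAD = "203.0.113.7"               # constructed: host to be blocked
PACKETS = [(BAD, 22), ("198.51.100.9", 22), ("198.51.100.9", 80)]

# Written the first-match way: exceptions first, catch-all block last.
SPECIFIC_FIRST = [Rule("block", src=BAD + "/32"), Rule("pass", port=22), Rule("block")]
# Written the last-match way: default block first, exceptions after it.
GENERAL_FIRST = [Rule("block"), Rule("pass", port=22), Rule("block", src=BAD + "/32")]
# Last-match with quick: the early block for BAD cannot be overridden later.
WITH_QUICK = [Rule("block", src=BAD + "/32", quick=True), Rule("block"), Rule("pass", port=22)]

def verdicts(evaluate, rules):
    return [evaluate(rules, src, port) for src, port in PACKETS]

if __name__ == "__main__":
    print("first-match, specific first:", verdicts(first_match, SPECIFIC_FIRST))
    print("last-match,  specific first:", verdicts(last_match, SPECIFIC_FIRST))
    print("last-match,  general first: ", verdicts(last_match, GENERAL_FIRST))
    print("last-match,  with quick:    ", verdicts(last_match, WITH_QUICK))
```

Carrying a first-match ordering over unchanged makes the trailing catch-all block win for every packet under last-match evaluation, which is the failure mode to look for when porting a ruleset.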