FreeBSD Security: Securing FreeBSD.
I'm just starting my research into pf, but I have quite a bit of experience with Linux iptables. With iptables the ruleset is a first-match design. Upon finding a packet that matches a rule the list is exited and the packet is acted upon. From my reading with pf it appears to be the opposite.
I'm wondering if anyone can explain the idea behind this--it seems backwards to me. Or has anyone else gone through the transition between one design and the other and has any advice on how to change my way of thinking?
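
The two evaluation models contrasted in the post above, as an added example that is not part of the original post: a toy evaluator that runs the same ordered rule list under first-match (iptables-style) and last-match (pf-style) semantics. The `Rule` class, the function names and the rulesets are hypothetical and constructed; the `quick` flag models pf's real `quick` keyword, which the post does not mention, and a verdict of `pass` when nothing matches is an assumption.

```python
# Added illustration: a toy rule evaluator, not pf or iptables code.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    proto: Optional[str] = None  # None matches any protocol
    port: Optional[int] = None   # None matches any destination port
    quick: bool = False          # models pf's "quick": stop here on a match

    def matches(self, proto: str, port: int) -> bool:
        return self.proto in (None, proto) and self.port in (None, port)


def first_match(rules, proto, port, default="pass"):
    """iptables-style: the first matching rule decides, later rules are never seen."""
    for rule in rules:
        if rule.matches(proto, port):
            return rule.action
    return default  # assumption: nothing matched, so the default policy applies


def last_match(rules, proto, port, default="pass"):
    """pf-style: all rules are evaluated and the last match wins, unless a
    matching rule is marked quick, which ends evaluation at that rule."""
    verdict = default
    for rule in rules:
        if rule.matches(proto, port):
            verdict = rule.action
            if rule.quick:
                break
    return verdict


# Constructed ruleset in last-match order: general default first, exceptions after.
PF_ORDER = [Rule("block"), Rule("pass", "tcp", 22), Rule("pass", "tcp", 443)]

# The same policy in first-match order: exceptions first, catch-all last.
IPTABLES_ORDER = [Rule("pass", "tcp", 22), Rule("pass", "tcp", 443), Rule("block")]

# Marking the leading default "quick" makes it decide immediately, as in first-match.
PF_QUICK_BLOCK = [Rule("block", quick=True)] + PF_ORDER[1:]

if __name__ == "__main__":
    for name, rules in [("pf order", PF_ORDER), ("iptables order", IPTABLES_ORDER)]:
        print(name, "first-match:", first_match(rules, "tcp", 22),
              "last-match:", last_match(rules, "tcp", 22))
```

Read each list under the model it was written for and tcp/22 passes; read it under the other model and the catch-all `block` decides instead, which is the failure to check for when porting a ruleset between the two designs.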