Firewall Wizards mailing list archives

Rationale for BSD (I)PF rule order?


From: "Volker Tanger" <volker.tanger () discon de>
Date: Thu, 8 May 2003 14:59:39 +0200

Greetings!

I was not able to find a rationale for the BSD type of packet filter
application. Where most FW/ACL implementations follow "first match", BSD
usually takes "last match" (if you don't use the "quick" method).

Is there a reason why that was decided this way? Especially as I
currently cannot see advantages for this behaviour, only performance
disadvantages. Can someone enlighten me here?

Thanks a lot

Volker Tanger

IT-Security
discon gmbh
DeTeWe AG & Co. KG

Fon +49 30 6104-3307
Fax +49 30 6104-3435
http://www.detewe.de/
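
The two evaluation orders contrasted in the message above, as an added example that is not part of the original post: a minimal model of first-match and last-match evaluation with a `quick` flag, returning the verdict and the number of rules examined. The rule fields, packet dictionaries, sample rulesets and default verdict are constructed for illustration and are not IPF or PF syntax.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "block"
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port
    quick: bool = False           # stop evaluation on match (last-match model only)

    def matches(self, pkt):
        return (self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt["dport"]))

def first_match(rules, pkt, default="block"):
    """First matching rule decides. Returns (verdict, rules_examined)."""
    for n, rule in enumerate(rules, 1):
        if rule.matches(pkt):
            return rule.action, n
    return default, len(rules)   # default verdict is an assumption of this model

def last_match(rules, pkt, default="block"):
    """Last matching rule decides unless a matching rule is marked quick."""
    verdict = default
    for n, rule in enumerate(rules, 1):
        if rule.matches(pkt):
            verdict = rule.action
            if rule.quick:
                return verdict, n        # quick short-circuits the walk
    return verdict, len(rules)           # otherwise the whole list is walked

def all_quick(rules):
    """Copy of a ruleset with quick set on every rule."""
    return [replace(r, quick=True) for r in rules]

# Constructed rulesets: same policy, written general-to-specific for
# last-match and specific-to-general for first-match.
LAST_STYLE = [Rule("block"), Rule("pass", "tcp", 22), Rule("pass", "tcp", 80)]
FIRST_STYLE = [Rule("pass", "tcp", 22), Rule("pass", "tcp", 80), Rule("block")]

SSH = {"proto": "tcp", "dport": 22}      # constructed sample packets
TELNET = {"proto": "tcp", "dport": 23}

if __name__ == "__main__":
    for name, pkt in (("ssh", SSH), ("telnet", TELNET)):
        print(name, "last-match:", last_match(LAST_STYLE, pkt),
              "first-match:", first_match(FIRST_STYLE, pkt),
              "all quick:", last_match(all_quick(FIRST_STYLE), pkt))
```

Loading a ruleset written for one model into the other inverts the policy: `first_match(LAST_STYLE, SSH)` blocks after one rule, and `last_match(FIRST_STYLE, SSH)` blocks after walking all three.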

