nanog mailing list archives
Re: Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls
From: Scott Francis <darkuncle () darkuncle net>
Date: Sat, 18 Jan 2003 15:48:03 -0800
On Sat, Jan 18, 2003 at 12:29:28PM -0500, ras () e-gerbil net said: [snip]
As I understand OpenBSD's pf (which may not be complete so feel free to point out if I'm wrong), it isn't actually doing anything to compile normal packet lookups, it just added a non-sequential lookup engine for the truely "stateful" filtering that it does. While this is nice and all, it doesn't replace the functionality of normal rule-based filtering, and
From pf.conf(5):
For each packet processed by the packet filter, the filter rules are
evaluated in sequential order, from first to last. The last matching
rule decides what action is taken.
Does this not constitute rule-based filtering? Or am I misunderstanding you?
--
-= Scott Francis || darkuncle (at) darkuncle (dot) net =-
GPG key CB33CCA7 has been revoked; I am now 5537F527
illum oportet crescere me autem minui
Attachment:
_bin
Description:
Current thread:
- Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls Josh Brooks (Jan 16)
- Cross country networks, and data replication... Questions... :-) Gabriel (Jan 16)
- Re: Cross country networks, and data replication... Questions... :-) Jared Mauch (Jan 16)
- Re: Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls Mikael Abrahamsson (Jan 16)
- Re: Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls dre (Jan 16)
- Re: Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls David G. Andersen (Jan 16)
- Re: Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls Scott Francis (Jan 18)
- Re: Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls Avleen Vig (Jan 18)
- Re: Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls Richard A Steenbergen (Jan 18)
- Re: Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls Scott Francis (Jan 18)
- Re: Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls Richard A Steenbergen (Jan 18)
- Re: Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls Avleen Vig (Jan 18)
- Re: Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls E.B. Dreger (Jan 18)
- Cross country networks, and data replication... Questions... :-) Gabriel (Jan 16)
- Re: Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls Tony Kapela (Jan 18)
- Re: Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls Avleen Vig (Jan 18)
- Re: Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls Stefan Paletta (Jan 18)